Win32-Rootkit-Agent-ODG-trojan-unable-to-clean



#1
aasimn
Member, 25 posts
Hi,
Can anyone please help me?
I found
27/04/2009 22:54:08 Startup scanner operating memory Operating memory Win32/Rootkit.Agent.ODG trojan unable to clean
27/04/2009 21:46:21 Startup scanner operating memory Operating memory Win32/Agent.ODG virus unable to clean

when I scanned with ESET NOD32.
Please help me remove this trojan. Thanks a lot.. :)

#2
Jimmy2012
Trusted Helper, Retired Staff, 6,238 posts
Hello aasimn and welcome to Geeks to Go. :)


Please read this topic, and post your logs back in this topic when you are done.

#3
aasimn
Topic Starter, Member, 25 posts
Hey, thanks for helping me... appreciate it!

The malware program is installing but doesn't open, and the restore is not created; it shows this error: "Unhandled exception has occurred in your application. If you click Continue, the application will ignore this error and attempt to continue. If you click Quit, the application will close immediately.

Exception from HRESULT:0x800423F4.

Details->See the end of this message for details on invoking
just-in-time (JIT) debugging instead of this dialog box.

************** Exception Text **************
System.Runtime.InteropServices.COMException (0x800423F4): Exception from HRESULT: 0x800423F4
at Microsoft.VisualBasic.CompilerServices.LateBinding.LateGet(Object o, Type objType, String name, Object[] args, String[] paramnames, Boolean[] CopyBack)
at Microsoft.VisualBasic.CompilerServices.NewLateBinding.LateGet(Object Instance, Type Type, String MemberName, Object[] Arguments, String[] ArgumentNames, Type[] TypeArguments, Boolean[] CopyBack)
at SysRestorePoint.Module1.CreateRestorePoint()
at SysRestorePoint.Form1.Form1_Load(Object eventSender, EventArgs eventArgs)
at System.EventHandler.Invoke(Object sender, EventArgs e)
at System.Windows.Forms.Form.OnLoad(EventArgs e)
at System.Windows.Forms.Form.OnCreateControl()
at System.Windows.Forms.Control.CreateControl(Boolean fIgnoreVisible)
at System.Windows.Forms.Control.CreateControl()
at System.Windows.Forms.Control.WmShowWindow(Message& m)
at System.Windows.Forms.Control.WndProc(Message& m)
at System.Windows.Forms.ScrollableControl.WndProc(Message& m)
at System.Windows.Forms.ContainerControl.WndProc(Message& m)
at System.Windows.Forms.Form.WmShowWindow(Message& m)
at System.Windows.Forms.Form.WndProc(Message& m)
at System.Windows.Forms.Control.ControlNativeWindow.OnMessage(Message& m)
at System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m)
at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)


************** Loaded Assemblies **************
mscorlib
Assembly Version: 2.0.0.0
Win32 Version: 2.0.50727.3074 (QFE.050727-3000)
CodeBase: file:///C:/Windows/Microsoft.NET/Framework/v2.0.50727/mscorlib.dll
----------------------------------------
SysRestorePoint
Assembly Version: 1.3.0.0
Win32 Version: 1.3.0.0
CodeBase: file:///C:/Users/Aasim%20N/Desktop/SysRestorePoint.exe
----------------------------------------
Microsoft.VisualBasic
Assembly Version: 8.0.0.0
Win32 Version: 8.0.50727.3053 (netfxsp.050727-3000)
CodeBase: file:///C:/Windows/assembly/GAC_MSIL/Microsoft.VisualBasic/8.0.0.0__b03f5f7f11d50a3a/Microsoft.VisualBasic.dll
----------------------------------------
System
Assembly Version: 2.0.0.0
Win32 Version: 2.0.50727.3053 (netfxsp.050727-3000)
CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System/2.0.0.0__b77a5c561934e089/System.dll
----------------------------------------
System.Windows.Forms
Assembly Version: 2.0.0.0
Win32 Version: 2.0.50727.3053 (netfxsp.050727-3000)
CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Windows.Forms/2.0.0.0__b77a5c561934e089/System.Windows.Forms.dll
----------------------------------------
System.Drawing
Assembly Version: 2.0.0.0
Win32 Version: 2.0.50727.3053 (netfxsp.050727-3000)
CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Drawing/2.0.0.0__b03f5f7f11d50a3a/System.Drawing.dll
----------------------------------------
System.Runtime.Remoting
Assembly Version: 2.0.0.0
Win32 Version: 2.0.50727.3053 (netfxsp.050727-3000)
CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Runtime.Remoting/2.0.0.0__b77a5c561934e089/System.Runtime.Remoting.dll
----------------------------------------
System.Configuration
Assembly Version: 2.0.0.0
Win32 Version: 2.0.50727.3053 (netfxsp.050727-3000)
CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Configuration/2.0.0.0__b03f5f7f11d50a3a/System.Configuration.dll
----------------------------------------
System.Xml
Assembly Version: 2.0.0.0
Win32 Version: 2.0.50727.3074 (QFE.050727-3000)
CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Xml/2.0.0.0__b77a5c561934e089/System.Xml.dll
----------------------------------------

************** JIT Debugging **************
To enable just-in-time (JIT) debugging, the .config file for this
application or computer (machine.config) must have the
jitDebugging value set in the system.windows.forms section.
The application must also be compiled with debugging
enabled.

For example:

<configuration>
<system.windows.forms jitDebugging="true" />
</configuration>

When JIT debugging is enabled, any unhandled exception
will be sent to the JIT debugger registered on the computer
rather than be handled by this dialog box."

I clicked Continue and am waiting to see what happens.
--------------------------------------------------------------------------------------------------------------------------------------------------------------------

This is the Rooter log:

Microsoft Windows Vista Home Edition (6.0.6001) Service Pack 1

C:\ [Fixed] - NTFS - (Total:183600 Mo/Free:514 Mo)
D:\ [Removable] (Total:0 Mo/Free:0 Mo)
E:\ [Removable] (Total:0 Mo/Free:0 Mo)
F:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

01/05/2009| 2:41

----------------------\\ Processes..

--Locked-- [System Process]
--Locked-- System
---------- \SystemRoot\System32\smss.exe
---------- C:\Windows\system32\csrss.exe
---------- C:\Windows\system32\wininit.exe
---------- C:\Windows\system32\csrss.exe
---------- C:\Windows\system32\services.exe
---------- C:\Windows\system32\lsass.exe
---------- C:\Windows\system32\lsm.exe
---------- C:\Windows\system32\winlogon.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\system32\svchost.exe
--Locked-- audiodg.exe
---------- C:\Windows\system32\SLsvc.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\system32\Dwm.exe
---------- C:\Windows\Explorer.EXE
---------- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
---------- C:\Program Files\Alwil Software\Avast4\ashServ.exe
---------- C:\Windows\System32\spoolsv.exe
---------- C:\Windows\system32\taskeng.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\system32\taskeng.exe
---------- C:\Program Files\Google\Update\GoogleUpdate.exe
---------- C:\Windows\system32\taskeng.exe
---------- C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\Program Files\AskBarDis\bar\bin\AskService.exe
---------- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
---------- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
---------- C:\Program Files\Bonjour\mDNSResponder.exe
---------- c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
---------- C:\Program Files\Sony\Network Utility\NSUService.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Program Files\Spyware Doctor\pctsAuxs.exe
---------- C:\Program Files\Spyware Doctor\pctsSvc.exe
---------- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
---------- C:\Program Files\Spyware Doctor\pctsTray.exe
---------- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
---------- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\system32\SearchIndexer.exe
---------- C:\Windows\system32\DRIVERS\xaudio.exe
---------- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
---------- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
---------- C:\Windows\system32\WUDFHost.exe
---------- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
---------- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
---------- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
---------- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
---------- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
---------- C:\Windows\System32\rundll32.exe
---------- C:\Windows\System32\rundll32.exe
---------- C:\Windows\System32\mobsync.exe
---------- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\Program Files\Windows Media Player\wmpnscfg.exe
---------- C:\Program Files\Apoint\Apoint.exe
---------- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
---------- C:\Program Files\Windows Media Player\wmpnetwk.exe
---------- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
---------- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
---------- C:\Program Files\Sony\Network Utility\LANUtil.exe
---------- C:\Windows\VPro520.exe
---------- C:\Program Files\Apoint\ApMsgFwd.exe
---------- C:\Program Files\Apoint\Apntex.exe
---------- C:\Program Files\Windows Live\Contacts\wlcomm.exe
---------- C:\Windows\servicing\TrustedInstaller.exe
---------- C:\Program Files\iTunes\iTunes.exe
---------- C:\Program Files\iPod\bin\iPodService.exe
---------- C:\Program Files\Google\Chrome\Application\chrome.exe
---------- C:\Program Files\Google\Chrome\Application\chrome.exe
---------- C:\Program Files\Google\Chrome\Application\chrome.exe
---------- C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
---------- C:\Windows\system32\SearchProtocolHost.exe
---------- C:\Windows\system32\SearchFilterHost.exe
---------- C:\Windows\system32\DllHost.exe
---------- C:\Windows\system32\DllHost.exe
---------- C:\Windows\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - 01/05/2009| 2:41

----------------------\\ Scan completed at 2:41


And this is the OTListIt2 log:

Extras-
OTListIt Extras logfile created on: 01/05/2009 02:48:22 - Run 1
OTListIt2 by OldTimer - Version 2.0.15.1 Folder = C:\Users\Aasim N\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.01 Gb Available Physical Memory | 50.45% Memory free
4.00 Gb Paging File | 2.95 Gb Available in Paging File | 73.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 179.30 Gb Total Space | 84.50 Gb Free Space | 47.13% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AASIMN-PC
Current User Name: Aasim N
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
Reg Error: Unknown registry data type File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
"EnableFirewall" = 1
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile
"EnableFirewall" = 1
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts\List

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\PPMate\ppmate.exe:*:Enabled:PPMate ()
C:\Program Files\PPMate\ppamnet.exe:*:Enabled:PPMate (ppmate)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

{297EA8CF-1A0B-47E6-BC42-0197448A87A8} = LPORT=6004 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=MICROSOFT OFFICE OUTLOOK | APP=C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE12\OUTLOOK.EXE |
{754DBFB0-76F9-4599-957A-B590B795D383} = LPORT=2869 | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=WINDOWS LIVE MESSENGER (UPNP-IN) | APP=SYSTEM |
{F153A2C6-B805-4C08-866E-FC6797381719} = LPORT=1900 | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=WINDOWS LIVE MESSENGER (SSDP-IN) | APP=SVCHOST.EXE | SVC=SSDPSRV |

========== Vista Active Application Exception List ==========

{02D287D9-D0F7-4243-B4E1-F5E537A08D54} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=BONJOUR | APP=C:\PROGRAM FILES\BONJOUR\MDNSRESPONDER.EXE |
{1BD26FAE-845C-446F-BA6A-5EF726AE3E50} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=BONJOUR | APP=C:\PROGRAM FILES\BONJOUR\MDNSRESPONDER.EXE |
{22BB191C-70BD-450B-90C8-84EFD3097074} = DIR=IN | ACTION=ALLOW | NAME=WINDOWS LIVE CALL | APP=C:\PROGRAM FILES\WINDOWS LIVE\MESSENGER\WLCSDK.EXE |
{2F8938BD-7946-414B-A22B-9CA77F79C2B3} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=GOOGLE TALK | APP=C:\PROGRAM FILES\GOOGLE\GOOGLE TALK\GOOGLETALK.EXE |
{36082900-42C7-4EAC-94CD-59F358C5AFFE} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=MICROSOFT OFFICE GROOVE | APP=C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE12\GROOVE.EXE |
{36B60850-6639-4630-B2BD-1F07BEF2DBD5} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=MICROSOFT OFFICE ONENOTE | APP=C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE12\ONENOTE.EXE |
{4FE311EA-F6AE-4001-A0B6-77A367A4C28A} = DIR=IN | ACTION=ALLOW | NAME=WINDOWS LIVE MESSENGER | APP=C:\PROGRAM FILES\WINDOWS LIVE\MESSENGER\MSNMSGR.EXE |
{57DA30EE-990E-4977-8F21-6C75C5F24C15} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=MICROSOFT OFFICE GROOVE | APP=C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE12\GROOVE.EXE |
{709ED0BB-5ACD-4E79-88C3-FC94F3901EFC} = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=GOOGLE TALK | APP=C:\PROGRAM FILES\GOOGLE\GOOGLE TALK\GOOGLETALK.EXE |
{A1907FAD-3559-4371-90B5-4AA328CCA00D} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=MICROSOFT OFFICE ONENOTE | APP=C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE12\ONENOTE.EXE |
{DC71B3CE-6DD6-44BA-9E35-B3858254A2DF} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=ITUNES | APP=C:\PROGRAM FILES\ITUNES\ITUNES.EXE |
{E0B4A04E-3BAC-4220-8C1D-CF4E33545A59} = PROFILE=DOMAIN | DIR=IN | ACTION=ALLOW | NAME=MCAFEE NETWORK AGENT | APP=C:\PROGRAM FILES\COMMON FILES\MCAFEE\MNA\MCNASVC.EXE |
{FE533F28-2534-4FD9-9528-262B014E65F8} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=ITUNES | APP=C:\PROGRAM FILES\ITUNES\ITUNES.EXE |
TCP Query User{177ED131-AA28-4C64-BC31-21F51673DB50}C:\program files\skype\phone\skype.exe = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=BLOCK | NAME=SKYPE. TAKE A DEEP BREATH | APP=C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE |
TCP Query User{3395D16E-D958-4758-8D36-E04948C29BC3}C:\program files\sopcast\sopcast.exe = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=SOPCAST MAIN APPLICATION | APP=C:\PROGRAM FILES\SOPCAST\SOPCAST.EXE |
TCP Query User{46AFAD9C-929D-46A2-929B-7A01A3ADBE92}C:\program files\java\jre6\bin\java.exe = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=JAVA™ PLATFORM SE BINARY | APP=C:\PROGRAM FILES\JAVA\JRE6\BIN\JAVA.EXE |
TCP Query User{6010C7E9-60A5-4DC4-A56F-743D0D2B7984}C:\program files\vuze\azureus.exe = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=AZUREUS | APP=C:\PROGRAM FILES\VUZE\AZUREUS.EXE |
TCP Query User{6F203E04-AEF0-4B7F-9302-E908C979F3C0}C:\program files\google\chrome\application\chrome.exe = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=GOOGLE CHROME | APP=C:\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\CHROME.EXE |
TCP Query User{7287D925-8F89-41F4-89D6-2D3BC56AF2DD}C:\program files\tvants\tvants.exe = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=TVANTS | APP=C:\PROGRAM FILES\TVANTS\TVANTS.EXE |
TCP Query User{D119C834-1049-4782-B78D-5CD8AA03A0C5}C:\program files\ppmate\ppamnet.exe = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=PPMNET MODULE | APP=C:\PROGRAM FILES\PPMATE\PPAMNET.EXE |
TCP Query User{D29C76E3-49E8-41CA-BC56-4DA692DE8085}C:\program files\sopcast\adv\sopadver.exe = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=SOPCAST ADVER | APP=C:\PROGRAM FILES\SOPCAST\ADV\SOPADVER.EXE |
TCP Query User{E0C08650-ED09-4532-A0D4-62530E0C0267}C:\program files\vuze\azureus.exe = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=AZUREUS | APP=C:\PROGRAM FILES\VUZE\AZUREUS.EXE |
TCP Query User{E7D83616-68FB-416D-9960-FFFAD156C980}C:\program files\internet explorer\iexplore.exe = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=INTERNET EXPLORER | APP=C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE |
TCP Query User{EFEBAFF7-DCF3-4609-9DC5-BE22566B0686}C:\program files\common files\synacast\synalive\pplive.exe = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=PPLIVE | APP=C:\PROGRAM FILES\COMMON FILES\SYNACAST\SYNALIVE\PPLIVE.EXE |
TCP Query User{F3D437AC-16C7-4277-97A0-A27DE9E9F344}C:\program files\skype\phone\skype.exe = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=SKYPE. TAKE A DEEP BREATH | APP=C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE |
TCP Query User{FF6E5782-B48B-4966-8E2A-56F14F3E3161}C:\program files\mozilla firefox\firefox.exe = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=FIREFOX | APP=C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE |
UDP Query User{22774795-6318-4EE9-8824-57B0D3E46DAE}C:\program files\mozilla firefox\firefox.exe = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=FIREFOX | APP=C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE |
UDP Query User{2C0A8593-9A1B-446A-BD52-B22EBE01CF48}C:\program files\vuze\azureus.exe = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=AZUREUS | APP=C:\PROGRAM FILES\VUZE\AZUREUS.EXE |
UDP Query User{37906D68-3721-4754-9293-69786704498D}C:\program files\ppmate\ppamnet.exe = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=PPMNET MODULE | APP=C:\PROGRAM FILES\PPMATE\PPAMNET.EXE |
UDP Query User{51745C8A-243B-4DC2-BE91-C2503A0F5D8F}C:\program files\skype\phone\skype.exe = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=SKYPE. TAKE A DEEP BREATH | APP=C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE |
UDP Query User{74B3FB8F-A88B-473F-B38A-33B59176F0CF}C:\program files\sopcast\sopcast.exe = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=SOPCAST MAIN APPLICATION | APP=C:\PROGRAM FILES\SOPCAST\SOPCAST.EXE |
UDP Query User{7768C922-C192-4F76-8D67-3563DEB3B483}C:\program files\vuze\azureus.exe = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=AZUREUS | APP=C:\PROGRAM FILES\VUZE\AZUREUS.EXE |
UDP Query User{94AE09A4-E915-4DD1-839B-6A60ECF99BA3}C:\program files\java\jre6\bin\java.exe = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=JAVA™ PLATFORM SE BINARY | APP=C:\PROGRAM FILES\JAVA\JRE6\BIN\JAVA.EXE |
UDP Query User{9A7707D2-3571-4FDD-94CD-00AF11825874}C:\program files\internet explorer\iexplore.exe = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=INTERNET EXPLORER | APP=C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE |
UDP Query User{B7AC9230-AFB1-484D-B3AE-622452D5D0F6}C:\program files\sopcast\adv\sopadver.exe = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=SOPCAST ADVER | APP=C:\PROGRAM FILES\SOPCAST\ADV\SOPADVER.EXE |
UDP Query User{BB9E7497-0B96-4896-A416-9C6676241C2F}C:\program files\tvants\tvants.exe = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=TVANTS | APP=C:\PROGRAM FILES\TVANTS\TVANTS.EXE |
UDP Query User{EAABA792-0E24-4016-B7FD-DF6862F68D8F}C:\program files\google\chrome\application\chrome.exe = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=GOOGLE CHROME | APP=C:\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\CHROME.EXE |
UDP Query User{EFAEAA50-ED29-496A-BD36-F27EAEAD4616}C:\program files\skype\phone\skype.exe = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=BLOCK | NAME=SKYPE. TAKE A DEEP BREATH | APP=C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE |
UDP Query User{F108E5D1-6D61-4DF9-9ACC-BCD6BBC205FE}C:\program files\common files\synacast\synalive\pplive.exe = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=PPLIVE | APP=C:\PROGRAM FILES\COMMON FILES\SYNACAST\SYNALIVE\PPLIVE.EXE |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0B3A8956-FAF7-4DB7-897C-86926C5323D2}" = Philips VLounge
"{1316AEF2-E086-46C7-B1FB-8C9A39A2ABF9}" = VAIO Media plus
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{27A2ABE9-E4C4-45DD-B9A8-CEEEE380E7E1}" = VAIO Content Metadata Intelligent Analyzing Manager
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{326DC400-1FC4-4D7D-946D-06D1EAB93200}" = VAIO Guide 
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3B659FAD-E772-44A3-B7E7-560FF084669F}" = VAIO Smart Network
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{44A91B04-3D0C-47F9-B644-7F682869AFF3}" = MobileMe Control Panel
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 3
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5C5EE8F2-0B38-4C13-AE4E-A87A237FE718}" =
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype 3.6
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{757CC5BA-BF08-46A5-8D10-64C6FDF659C6}" = VAIO Content Metadata Manager Setting
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{802889F8-6AF5-45A5-9764-CA5B999E50FC}" = VAIO Power Management
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A5F34E2-37CF-4AD4-808C-2D413786E31A}" = Microsoft Visual C Runtime
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8ED3A392-28F1-4375-97AC-BF275B5855F9}" = OpenMG Secure Module 5.0.00
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C71059E-6DDD-4958-9251-7A5F865B6BA0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A33E457B-5369-481F-8B53-71108AE2EB5B}" = Roxio Easy Media Creator 10 LJ
"{A4399CF4-7A3F-4E84-B763-AD352640203D}" = VAIO Content Metadata XML Interface Library
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF877D9F-EBA4-4FAA-83D1-6A0C866AF4BD}" = Philips SPC520NC Webcam
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP1
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC56A2CB-EC09-4175-B8BD-93E2440D410B}" = VAIO Content Metadata Manager Setting
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D06F5884-B439-440B-A58D-6C057C2FF8EB}" = Click to Disc
"{D0AE373E-C276-432B-9A95-F8DD356A8242}" = VAIO Movie Story
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D90507A2-6183-497D-9075-951DC80362DA}" = VAIO Media plus
"{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}" = Safari
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DEBA60A3-7CDE-48D7-993D-7C68663AEE68}" = VAIO Content Metadata Intelligent Analyzing Manager
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" =
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FACD3674-FC12-4B6C-A923-E1D687704E9B}" = VAIO Content Metadata XML Interface Library
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"520EB7B13D6313F71239600F750802893CCAE993" = Windows Driver Package - Philips USB (10/01/2007 1.10.03.5790)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ask Toolbar_is1" = Vuze Toolbar
"Atlantis - Sky Patrol" = Atlantis - Sky Patrol (remove only)
"avast!" = avast! Antivirus
"Big Fish Games Center" = Big Fish Games Center
"Big Fish Games Sudoku" = Big Fish Games Sudoku (remove only)
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP1
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"dt icon module" =
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"F492FEDB245A8EF894A2E6BF0B14C00831F4072C" = Windows Driver Package - Philips (SPC520) Image (10/01/2007 1.10.03.5790)
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"GSpot" = GSpot Codec Information Appliance
"gtfirstboot Setting Request" =
"HeroCodec" = HeroCodec
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"InstallShield_{8ED3A392-28F1-4375-97AC-BF275B5855F9}" = OpenMG Secure Module 5.0.00
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.7.0 (Standard)
"Mahjong Towers Eternity" = Mahjong Towers Eternity (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MarketingTools" = Vaio Marketing Tools
"MFU Module" =
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.0.8)" = Mozilla Firefox (3.0.8)
"Mystery Case Files - Prime Suspects" = Mystery Case Files - Prime Suspects (remove only)
"NVIDIA Drivers" = NVIDIA Drivers
"Perfect Uninstaller_is1" = Perfect Uninstaller v6.3.3.1
"Picasa2" = Picasa 2
"ppmate" = PPMate Network TV 2.3.3.6
"PROHYBRIDR" = 2007 Microsoft Office system
"Spyware Doctor" = Spyware Doctor 6.0
"TVAnts 1.0" = TVAnts 1.0
"UUSEE" = UUSee [5.9.417.1]
"UUSEE_base" = UUSee Ų 5.9.410.1
"VAIO Help and Support" =
"VAIO_My Club VAIO" = My Club VAIO
"Veetle TV" = Veetle TV 0.9.14
"Virtual Villagers" = Virtual Villagers (remove only)
"VLC media player" = VLC media player 0.9.9
"Vuze" = Vuze
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 15/04/2009 19:59:16 | Computer Name = AasimN-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 15/04/2009 20:04:21 | Computer Name = AasimN-PC | Source = VSS | ID = 8194
Description =

Error - 15/04/2009 20:17:12 | Computer Name = AasimN-PC | Source = Windows Search Service | ID = 3006
Description =

Error - 15/04/2009 20:17:13 | Computer Name = AasimN-PC | Source = Windows Search Service | ID = 3007
Description =

Error - 17/04/2009 19:01:38 | Computer Name = AasimN-PC | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error code = 0x80042019)

Error - 17/04/2009 19:02:20 | Computer Name = AasimN-PC | Source = WinMgmt | ID = 10
Description =

Error - 18/04/2009 04:57:18 | Computer Name = AasimN-PC | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error code = 0x80042019)

Error - 18/04/2009 04:58:44 | Computer Name = AasimN-PC | Source = WinMgmt | ID = 10
Description =

Error - 18/04/2009 05:44:09 | Computer Name = AasimN-PC | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error code = 0x80042019)

Error - 18/04/2009 05:45:21 | Computer Name = AasimN-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 21/04/2009 12:53:02 | Computer Name = AasimN-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 21/04/2009 13:08:39 | Computer Name = AasimN-PC | Source = BROWSER | ID = 8032
Description =

Error - 21/04/2009 15:08:46 | Computer Name = AasimN-PC | Source = HTTP | ID = 15016
Description =

Error - 21/04/2009 15:10:27 | Computer Name = AasimN-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 21/04/2009 15:10:40 | Computer Name = AasimN-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 21/04/2009 15:25:31 | Computer Name = AasimN-PC | Source = BROWSER | ID = 8032
Description =

Error - 21/04/2009 15:37:13 | Computer Name = AasimN-PC | Source = HTTP | ID = 15016
Description =

Error - 21/04/2009 15:38:56 | Computer Name = AasimN-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 21/04/2009 15:38:59 | Computer Name = AasimN-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 21/04/2009 17:20:27 | Computer Name = AasimN-PC | Source = HTTP | ID = 15016
Description =


< End of report >


OTLIST-

OTListIt logfile created on: 01/05/2009 02:48:22 - Run 1
OTListIt2 by OldTimer - Version 2.0.15.1 Folder = C:\Users\Aasim N\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.01 Gb Available Physical Memory | 50.45% Memory free
4.00 Gb Paging File | 2.95 Gb Available in Paging File | 73.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 179.30 Gb Total Space | 84.50 Gb Free Space | 47.13% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AASIMN-PC
Current User Name: Aasim N
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\AskBarDis\bar\bin\AskService.exe ()
PRC - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe ()
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Program Files\Sony\Network Utility\NSUService.exe (Sony Corporation)
PRC - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
PRC - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Windows\system32\DRIVERS\xaudio.exe (Conexant Systems, Inc.)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Windows\system32\WUDFHost.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe (PC Tools)
PRC - C:\Windows\System32\mobsync.exe (Microsoft Corporation)
PRC - C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
PRC - C:\Windows\VPro520.exe (Philips)
PRC - C:\Program Files\Apoint\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\Apntex.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Program Files\iTunes\iTunes.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Alwil Software\Avast4\ashSimpl.exe (ALWIL Software)
PRC - C:\Users\Aasim N\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (ASKService [Auto | Running]) -- C:\Program Files\AskBarDis\bar\bin\AskService.exe ()
SRV - (ASKUpgrade [Auto | Running]) -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe ()
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (BcmSqlStartupSvc [Auto | Running]) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (GoogleDesktopManager-010708-104812 [On_Demand | Stopped]) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (gupdate1c9bb14558392e0 [Auto | Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (IviRegMgr [Auto | Running]) -- c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (MSCSPTISRV [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (MSSQL$MSSMLBIZ [On_Demand | Stopped]) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper [Disabled | Stopped]) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NSUService [Auto | Running]) -- C:\Program Files\Sony\Network Utility\NSUService.exe (Sony Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PACSPTISVR [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (sdAuxService [Auto | Running]) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (sdCoreService [Auto | Running]) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (SOHCImp [On_Demand | Stopped]) -- C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe (Sony Corporation)
SRV - (SOHDms [On_Demand | Stopped]) -- C:\Program Files\Sony\VAIO Media plus\SOHDms.exe (Sony Corporation)
SRV - (SOHDs [On_Demand | Stopped]) -- C:\Program Files\Sony\VAIO Media plus\SOHDs.exe (Sony Corporation)
SRV - (SPTISRV [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (SQLBrowser [Auto | Running]) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (SQLWriter [Auto | Running]) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (ThreatFire [On_Demand | Running]) -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe (PC Tools)
SRV - (VAIO Entertainment TV Device Arbitration Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (VAIO Event Service [Auto | Running]) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (VcmIAlzMgr [On_Demand | Stopped]) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV - (VcmXmlIfHelper [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe (Sony Corporation)
SRV - (Vcsw [On_Demand | Running]) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (vvdsvc [Auto | Stopped]) -- C:\Windows\system32\nagasoft\vjocx.dll (NanJing Nagasoft Co, LTD.)
SRV - (VzCdbSvc [Auto | Running]) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VzFw [Auto | Running]) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
SRV - (WinDefend [Auto | Stopped]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (XAudioService [Auto | Running]) -- C:\Windows\system32\DRIVERS\xaudio.exe (Conexant Systems, Inc.)

========== Driver Services (SafeList) ==========

DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (ApfiltrService [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (aswFsBlk [Auto | Running]) -- C:\Windows\system32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMonFlt [Auto | Running]) -- C:\Windows\system32\DRIVERS\aswMonFlt.sys (ALWIL Software)
DRV - (aswRdr [System | Running]) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (athr [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\athr.sys (Atheros Communications, Inc.)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (DMICall [System | Running]) -- C:\Windows\system32\DRIVERS\DMICall.sys (Sony Corporation)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (HSFHWAZL [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (iaStor [Boot | Running]) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (iaStorV [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\Windows\system32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (mdmxsdk [Auto | Running]) -- C:\Windows\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (MegaSR [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (NETw4v32 [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\NETw4v32.sys (Intel Corporation)
DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (nvlddmkm [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (PCTCore [Boot | Running]) -- C:\Windows\system32\drivers\PCTCore.sys (PC Tools)
DRV - (pctgntdi [System | Running]) -- C:\Windows\System32\drivers\pctgntdi.sys (PC Tools)
DRV - (pctplsg [On_Demand | Running]) -- C:\Windows\System32\drivers\pctplsg.sys (PC Tools)
DRV - (PxHelp20 [Boot | Running]) -- C:\Windows\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (regi [Auto | Running]) -- C:\Windows\system32\drivers\regi.sys (InterVideo)
DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SFEP [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\SFEP.sys (Sony Corporation)
DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (SPC520 [On_Demand | Stopped]) -- C:\Windows\system32\drivers\SPC520.sys (Philips )
DRV - (SPC520m [On_Demand | Stopped]) -- C:\Windows\system32\drivers\SPC520m.sys (Philips )
DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (TfFsMon [Boot | Running]) -- C:\Windows\system32\drivers\TfFsMon.sys (PC Tools)
DRV - (TfNetMon [On_Demand | Running]) -- C:\Windows\system32\drivers\TfNetMon.sys (PC Tools)
DRV - (TfSysMon [Boot | Running]) -- C:\Windows\system32\drivers\TfSysMon.sys (PC Tools)
DRV - (ti21sony [On_Demand | Running]) -- C:\Windows\system32\drivers\ti21sony.sys (Texas Instruments)
DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\Windows\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (WimFltr [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\wimfltr.sys (Microsoft Corporation)
DRV - (winachsf [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (XAudio [Auto | Running]) -- C:\Windows\system32\DRIVERS\xaudio.sys (Conexant Systems, Inc.)
DRV - (yukonwlh [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\yk60x86.sys (Marvell)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/04/12 03:17:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/19 23:56:46 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/19 23:56:45 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD

[2009/04/13 23:34:05 | 00,000,000 | ---D | M] -- C:\Users\Aasim N\AppData\Roaming\mozilla\Extensions
[2009/04/13 23:34:05 | 00,000,000 | ---D | M] -- C:\Users\Aasim N\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/12 02:20:07 | 00,000,000 | ---D | M] -- C:\Users\Aasim N\AppData\Roaming\mozilla\Firefox\extensions
[2009/04/12 02:20:07 | 00,000,000 | ---D | M] -- C:\Users\Aasim N\AppData\Roaming\mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/04/13 23:34:05 | 00,000,000 | ---D | M] -- C:\Users\Aasim N\AppData\Roaming\mozilla\Firefox\Profiles\i4od8s2z.default\extensions
[2009/04/13 23:33:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/13 23:33:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/27 02:21:37 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/27 02:21:37 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/01/04 16:36:50 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2006/07/05 19:47:38 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/01/04 16:36:50 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2008/03/08 10:35:22 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/09/22 20:14:04 | 00,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2008/04/16 05:08:20 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/03/28 19:11:14 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/01/04 16:36:50 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - Reg Error: Key error. File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Key error. File not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - Reg Error: Key error. File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe File not found
O4 - HKLM..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe File not found
O4 - HKLM..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe" (Sony Corporation)
O4 - HKLM..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" (PC Tools)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart (NVIDIA Corporation)
O4 - HKLM..\Run: [Persistence] C:\Windows\system32\igfxpers.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe" (Sony Corporation)
O4 - Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPro520.lnk = C:\Windows\VPro520.exe (Philips)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O8 - Extra context menu item: ʹUUSeeٲ - C:\Program Files\uusee\geturltoplay.htm ()
O8 - Extra context menu item: ʹUUSee - C:\Program Files\uusee\geturltodown.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://www.tvucricke...cx-en-black.cab (VodClient Control Class)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - File not found
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\system32\VESWinlogon.dll (Sony Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{ab4eb924-273d-11de-9819-001a80f22a5d}\Shell\AutoRun\command - "" = G:\.\EncryptionTool\MaxtorEncryption.exe -- File not found
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\.\EncryptionTool\MaxtorEncryption.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/05/01 02:42:38 | 00,504,320 | ---- | C] (OldTimer Tools) -- C:\Users\Aasim N\Desktop\OTListIt2.exe
[2009/05/01 02:41:14 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/05/01 02:29:56 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2009/05/01 02:29:56 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2009/05/01 02:29:56 | 00,001,849 | ---- | C] () -- C:\Users\Public\Desktop\avast! Antivirus.lnk
[2009/05/01 02:29:55 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\Windows\System32\AvastSS.scr
[2009/05/01 02:29:53 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2009/05/01 02:29:53 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2009/05/01 02:29:36 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2009/05/01 02:29:36 | 00,380,928 | ---- | C] () -- C:\Windows\System32\actskin4.ocx
[2009/05/01 02:29:36 | 00,051,792 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2009/05/01 02:29:34 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/05/01 02:22:21 | 00,000,042 | ---- | C] () -- C:\Windows\System32\AK083E209605E394C.lie
[2009/05/01 02:22:17 | 00,000,771 | ---- | C] () -- C:\Users\Aasim N\Desktop\Perfect Uninstaller.lnk
[2009/05/01 02:22:17 | 00,000,000 | ---D | C] -- C:\Program Files\Perfect Uninstaller
[2009/05/01 02:15:05 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/05/01 02:14:45 | 00,000,733 | ---- | C] () -- C:\Users\Aasim N\Desktop\NTREGOPT.lnk
[2009/05/01 02:14:45 | 00,000,714 | ---- | C] () -- C:\Users\Aasim N\Desktop\ERUNT.lnk
[2009/05/01 02:14:45 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/04/30 23:23:19 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2009/04/27 23:01:23 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/04/27 23:01:23 | 00,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/27 23:01:21 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/04/27 23:01:20 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/04/27 23:01:19 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/27 21:45:08 | 00,000,000 | ---D | C] -- C:\ProgramData\ESET
[2009/04/27 21:05:57 | 00,055,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2009/04/26 21:37:46 | 00,000,000 | ---D | C] -- C:\Temp
[2009/04/26 02:15:43 | 00,000,000 | ---D | C] -- C:\RECYCLER
[2009/04/26 02:15:25 | 00,000,000 | ---D | C] -- C:\Program Files\HeroCodec
[2009/04/25 17:03:50 | 00,000,407 | ---- | C] () -- C:\Windows\psnetwork.ini
[2009/04/25 17:03:50 | 00,000,074 | ---- | C] () -- C:\Windows\powerplayer.ini
[2009/04/25 17:03:50 | 00,000,013 | ---- | C] () -- C:\Windows\msgtn.ini
[2009/04/25 16:53:01 | 00,000,000 | ---D | C] -- C:\pfsvoddata
[2009/04/25 16:52:58 | 00,000,000 | ---D | C] -- C:\ProgramData\PPLive
[2009/04/25 16:52:57 | 00,000,000 | ---D | C] -- C:\Windows\System32\PPLive
[2009/04/25 16:52:57 | 00,000,000 | ---D | C] -- C:\Users\Aasim N\AppData\Roaming\PPLive
[2009/04/25 16:51:45 | 00,000,000 | ---D | C] -- C:\Users\Aasim N\AppData\Roaming\SopCast
[2009/04/25 16:51:44 | 00,000,000 | ---D | C] -- C:\ppmaterecord
[2009/04/25 16:50:58 | 00,000,000 | ---D | C] -- C:\Users\Aasim N\AppData\Roaming\PPMate
[2009/04/25 16:50:34 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Synacast
[2009/04/25 16:50:29 | 00,000,000 | ---D | C] -- C:\Program Files\PPMate
[2009/04/25 00:55:20 | 00,011,005 | ---- | C] () -- C:\Users\Aasim N\Documents\Vasimali Siddiqi covering letter.docx
[2009/04/23 21:29:34 | 00,000,000 | ---D | C] -- C:\Users\Aasim N\Documents\VLounge Album
[2009/04/23 21:29:34 | 00,000,000 | ---D | C] -- C:\Users\Aasim N\AppData\Roaming\ArcSoft
[2009/04/22 21:16:19 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\uusee
[2009/04/22 21:16:15 | 00,000,000 | ---D | C] -- C:\Program Files\uusee
[2009/04/22 19:51:23 | 00,000,000 | -H-D | C] -- C:\VJVod_Cache
[2009/04/22 17:23:21 | 00,000,000 | ---D | C] -- C:\Windows\System32\nagasoft
[2009/04/22 12:36:03 | 00,001,251 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPro520.lnk
[2009/04/22 12:24:37 | 00,000,000 | ---D | C] -- C:\Windows\pss
[2009/04/21 22:21:15 | 00,051,488 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\TfFsMon.sys
[2009/04/21 22:21:15 | 00,039,200 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\TfSysMon.sys
[2009/04/21 22:21:15 | 00,033,056 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\TfNetMon.sys
[2009/04/21 22:21:15 | 00,012,576 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\TfKbMon.sys
[2009/04/21 22:04:55 | 00,159,600 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2009/04/21 22:04:48 | 00,130,936 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2009/04/21 22:04:48 | 00,073,840 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2009/04/21 22:04:43 | 00,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2009/04/21 22:04:33 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/04/21 22:04:32 | 00,064,392 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2009/04/21 22:04:25 | 00,000,000 | ---D | C] -- C:\Users\Aasim N\AppData\Roaming\PC Tools
[2009/04/21 22:04:25 | 00,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2009/04/21 22:04:25 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/04/21 20:32:24 | 00,000,000 | ---D | C] -- C:\Program Files\TVAnts
[2009/04/21 19:59:02 | 00,000,000 | ---D | C] -- C:\Program Files\Veetle
[2009/04/20 00:46:29 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/04/20 00:46:22 | 00,000,000 | ---D | C] -- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/04/20 00:46:22 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/04/20 00:37:26 | 00,000,000 | ---D | C] -- C:\Program Files\Safari
[2009/04/20 00:00:09 | 00,000,000 | ---D | C] -- C:\Users\Aasim N\AppData\Roaming\Apple Computer
[2009/04/19 23:59:46 | 00,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2009/04/19 23:59:09 | 00,000,000 | ---D | C] -- C:\ProgramData\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/04/19 23:56:59 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/04/19 23:56:05 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/04/19 23:56:03 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2009/04/19 23:55:09 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/04/19 23:53:12 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2009/04/19 23:53:11 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple
[2009/04/19 23:48:47 | 00,000,000 | ---D | C] -- C:\Windows\System32\URTTEMP
[2009/04/19 16:33:42 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009/04/18 00:25:00 | 00,193,405 | ---- | C] () -- C:\Users\Aasim N\Documents\Writing_the_Perfect_Cover_Letter.pdf
[2009/04/17 15:45:11 | 00,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2009/04/17 15:45:11 | 00,000,000 | ---D | C] -- C:\Users\Aasim N\AppData\Roaming\skypePM
[2009/04/17 14:55:12 | 00,041,984 | ---- | C] () -- C:\Users\Aasim N\Desktop\CV - Mohamed Aasim.doc
[2009/04/16 22:32:41 | 00,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2009/04/16 01:16:30 | 00,032,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msonpmon.dll
[2009/04/16 01:07:52 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2009/04/15 22:26:48 | 00,000,000 | ---D | C] -- C:\Users\Aasim N\AppData\Roaming\Skype
[2009/04/15 20:37:15 | 00,000,000 | ---D | C] -- C:\Users\Aasim N\AppData\Roaming\vlc
[2009/04/15 16:12:49 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
[2009/04/15 03:32:18 | 00,021,391 | ---- | C] () -- C:\Users\Aasim N\Desktop\Mohamed Aasim.docx
[2009/04/14 19:25:46 | 03,580,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/04/14 19:25:45 | 06,068,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/04/14 19:25:43 | 01,166,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/04/14 19:25:42 | 00,827,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/04/14 19:25:42 | 00,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/04/14 19:25:40 | 00,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/04/14 19:25:40 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/04/14 19:25:37 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/04/14 19:25:37 | 00,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/04/14 19:25:37 | 00,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/04/14 19:25:37 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/04/14 19:25:37 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/04/14 19:25:36 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2009/04/14 19:25:34 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/04/14 19:25:34 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/04/14 19:25:27 | 00,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winhttp.dll
[2009/04/14 19:25:24 | 00,562,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2009/04/14 19:25:24 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2009/04/14 19:25:16 | 03,599,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2009/04/14 19:25:16 | 00,551,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcss.dll
[2009/04/14 19:25:15 | 03,547,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2009/04/14 19:25:12 | 00,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2009/04/14 19:25:12 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2009/04/14 19:25:10 | 00,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2009/04/14 19:25:10 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2009/04/14 19:25:10 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2009/04/14 19:25:09 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2009/04/14 19:25:09 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
[2009/04/14 19:25:04 | 01,255,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2009/04/14 19:25:04 | 00,888,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
[2009/04/14 19:25:01 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
[2009/04/14 19:25:01 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2009/04/14 19:25:01 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2009/04/13 23:33:43 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/04/13 20:36:06 | 00,000,000 | ---D | C] -- C:\Users\Aasim N\Documents\My Received Files
[2009/04/13 18:48:09 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ArcSoft
[2009/04/13 18:48:03 | 00,212,480 | ---- | C] (Eastman Kodak) -- C:\Windows\PCDLIB32.DLL
[2009/04/13 18:48:02 | 00,245,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unicows.dll
[2009/04/13 18:47:10 | 00,000,000 | ---D | C] -- C:\Program Files\DIFX
[2009/04/13 18:46:21 | 00,307,200 | ---- | C] (Philips) -- C:\Windows\System32\stvspc.ax
[2009/04/13 18:46:20 | 00,483,328 | ---- | C] (Philips ) -- C:\Windows\System32\drivers\SPC520.sys
[2009/04/13 18:46:20 | 00,007,680 | ---- | C] (Philips ) -- C:\Windows\System32\drivers\SPC520m.sys
[2009/04/13 18:45:53 | 00,000,000 | ---D | C] -- C:\Program Files\Philips
[2009/04/13 18:45:51 | 01,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\MFC71.dll
[2009/04/13 18:45:51 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\msvcr71.dll
[2009/04/13 18:45:51 | 00,073,728 | ---- | C] (Philips) -- C:\Windows\VPro520.exe
[2009/04/13 18:45:50 | 00,000,000 | ---D | C] -- C:\Windows\Philips
[2009/04/13 18:45:50 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\SPC520NC
[2009/04/13 18:44:21 | 00,000,000 | ---D | C] -- C:\Users\Aasim N\Documents\Azureus Downloads
[2009/04/13 18:43:50 | 00,000,000 | ---D | C] -- C:\Users\Aasim N\AppData\Roaming\InstallShield
[2009/04/12 09:39:28 | 00,000,040 | -H-- | C] () -- C:\Windows\System32\ivireg.ivr
[2009/04/12 09:34:32 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\InterVideo
[2009/04/12 09:33:43 | 00,000,000 | ---D | C] -- C:\Program Files\InterVideo
[2009/04/12 09:33:12 | 03,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2009/04/12 09:33:12 | 02,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2009/04/12 09:33:12 | 00,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2009/04/12 09:33:12 | 00,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2009/04/12 09:33:12 | 00,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2009/04/12 09:33:12 | 00,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2009/04/12 09:33:12 | 00,068,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2009/04/12 09:33:12 | 00,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2009/04/12 09:33:11 | 00,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2009/04/12 09:33:11 | 00,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2009/04/12 09:33:11 | 00,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2009/04/12 09:33:11 | 00,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2009/04/12 09:33:11 | 00,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2009/04/12 09:33:08 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2009/04/12 09:33:08 | 02,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2009/04/12 09:33:08 | 02,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2009/04/12 09:33:08 | 02,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2009/04/12 09:33:08 | 00,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2009/04/12 09:33:08 | 00,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2009/04/12 09:33:07 | 02,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2009/04/12 09:33:07 | 02,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2009/04/12 09:33:07 | 02,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2009/04/12 09:32:49 | 00,000,000 | ---D | C] -- C:\Documentation
[2009/04/12 09:32:47 | 00,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2009/04/12 09:27:41 | 00,000,000 | ---D | C] -- C:\Program Files\Skype
[2009/04/12 09:27:40 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009/04/12 09:27:39 | 00,000,000 | ---D | C] -- C:\ProgramData\Skype
[2009/04/12 09:27:35 | 00,000,000 | ---D | C] -- C:\ProgramData\Uninstall
[2009/04/12 09:27:28 | 00,000,000 | ---D | C] -- C:\ProgramData\Sonic
[2009/04/12 09:27:17 | 00,000,000 | ---D | C] -- C:\Program Files\Roxio
[2009/04/12 09:26:54 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Sonic Shared
[2009/04/12 09:26:46 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Roxio Shared
[2009/04/12 09:24:25 | 00,000,000 | ---D | C] -- C:\ProgramData\Sony
[2009/04/12 09:23:35 | 00,143,360 | ---- | C] (Inner Media, Inc.) -- C:\Windows\System32\dunzip32.dll
[2009/04/12 09:22:30 | 00,000,000 | ---D | C] -- C:\ProgramData\Google
[2009/04/12 09:21:25 | 00,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2009/04/12 09:21:16 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2009/04/12 09:21:03 | 00,000,000 | ---D | C] -- C:\Program Files\DivX
[2009/04/12 09:18:45 | 00,000,000 | ---D | C] -- C:\Program Files\Picasa2
[2009/04/12 09:18:42 | 00,000,000 | ---D | C] -- C:\Program Files\Google BAE
[2009/04/12 09:18:31 | 00,000,422 | ---- | C] () -- C:\Windows\System32\mapisvc.inf
[2009/04/12 09:18:02 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Small Business
[2009/04/12 09:15:57 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2009/04/12 09:14:58 | 00,000,000 | ---D | C] -- C:\Program Files\BFG
[2009/04/12 09:14:53 | 00,000,000 | ---D | C] -- C:\Big Fish Games
[2009/04/12 09:14:43 | 00,000,000 | ---D | C] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2009/04/12 09:14:39 | 00,000,000 | ---D | C] -- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[2009/04/12 09:13:30 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2009/04/12 09:13:12 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2009/04/12 09:13:11 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2009/04/12 09:12:42 | 00,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2009/04/12 09:12:42 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2009/04/12 09:11:04 | 00,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2009/04/12 09:11:04 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2009/04/12 09:10:51 | 00,000,000 | RH-D | C] -- C:\MSOCache
[2009/04/12 09:09:38 | 00,000,000 | ---D | C] -- C:\Windows\Sonysys
[2009/04/12 09:09:38 | 00,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2009/04/12 09:04:06 | 00,000,000 | ---D | C] -- C:\Intel
[2009/04/12 09:02:27 | 21,437,72672 | -HS- | C] () -- C:\hiberfil.sys
[2009/04/12 09:02:25 | 00,000,000 | -HSD | C] -- C:\System Volume Information
[2009/04/12 03:43:42 | 00,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/04/12 03:43:42 | 00,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/04/12 03:43:42 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2009/04/12 03:43:39 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll
[2009/04/12 03:43:27 | 00,754,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll
[2009/04/12 03:43:27 | 00,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll
[2009/04/12 03:43:27 | 00,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2009/04/12 03:43:27 | 00,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2009/04/12 03:43:27 | 00,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2009/04/12 03:43:27 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SearchFilterHost.exe
[2009/04/12 03:43:27 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2009/04/12 03:43:27 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll
[2009/04/12 03:43:27 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll
[2009/04/12 03:43:27 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2009/04/12 03:43:25 | 11,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2009/04/12 03:43:25 | 06,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll
[2009/04/12 03:43:25 | 01,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll
[2009/04/12 03:43:25 | 00,439,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
[2009/04/12 03:43:25 | 00,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll
[2009/04/12 03:43:25 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SearchProtocolHost.exe
[2009/04/12 03:43:25 | 00,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll
[2009/04/12 03:43:25 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2009/04/12 03:43:25 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll
[2009/04/12 03:43:25 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2009/04/12 03:43:25 | 00,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll
[2009/04/12 03:43:25 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsepno.dll
[2009/04/12 03:43:24 | 01,582,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2009/04/12 03:43:24 | 01,418,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2009/04/12 03:43:24 | 00,670,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2009/04/12 03:43:24 | 00,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2009/04/12 03:43:24 | 00,203,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2009/04/12 03:40:33 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2009/04/12 03:21:51 | 00,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/04/12 03:21:46 | 00,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2009/04/12 03:16:29 | 00,000,000 | ---D | C] -- C:\Users\Aasim N\Documents\Downloads
[2009/04/12 03:13:56 | 00,000,884 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachine.job
[2009/04/12 03:13:09 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2009/04/12 03:12:22 | 00,000,000 | ---D | C] -- C:\Program Files\GSpot
[2009/04/12 03:09:42 | 00,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2009/04/12 03:09:12 | 00,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2009/04/12 03:09:08 | 00,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2009/04/12 03:09:04 | 00,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2009/04/12 03:09:04 | 00,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2009/04/12 03:09:03 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2009/04/12 03:09:02 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2009/04/12 03:08:57 | 00,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2009/04/12 03:08:44 | 00,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2009/04/12 02:58:28 | 00,096,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfshim.dll
[2009/04/12 02:58:10 | 00,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscoree.dll
[2009/04/12 02:58:04 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2009/04/12 02:56:52 | 00,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2009/04/12 02:56:28 | 00,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2009/04/12 02:55:12 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2009/04/12 02:35:04 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2009/04/12 02:35:04 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2009/04/12 02:35:01 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2009/04/12 02:34:58 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2009/04/12 02:34:58 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2009/04/12 02:34:58 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2009/04/12 02:31:52 | 12,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2009/04/12 02:31:50 | 02,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2009/04/12 02:31:35 | 00,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2009/04/12 02:24:40 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2009/04/12 02:24:39 | 01,695,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2009/04/12 02:24:38 | 04,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2009/04/12 02:24:27 | 00,000,000 | ---D | C] -- C:\Users\Aasim N\AppData\Roaming\WinRAR
[2009/04/12 02:24:03 | 00,000,000 | ---D | C] -- C:\Users\Aasim N\AppData\Roaming\DivX
[2009/04/12 02:23:33 | 11,580,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll
[2009/04/12 02:23:21 | 00,615,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2009/04/12 02:23:21 | 00,019,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2009/04/12 02:23:20 | 00,988,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2009/04/12 02:23:18 | 00,927,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2009/04/12 02:23:05 | 00,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2009/04/12 02:23:04 | 00,318,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2009/04/12 02:23:04 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setbcdlocale.dll
[2009/04/12 02:23:04 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srclient.dll
[2009/04/12 02:23:04 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srdelayed.exe
[2009/04/12 02:23:01 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kbd106n.dll
[2009/04/12 02:21:54 | 00,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys
[2009/04/12 02:21:46 | 00,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2009/04/12 02:21:42 | 00,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2009/04/12 02:21:42 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wersvc.dll
[2009/04/12 02:21:38 | 10,622,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/04/12 02:21:35 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2009/04/12 02:21:34 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/04/12 02:21:34 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2009/04/12 02:21:34 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2009/04/12 02:21:32 | 00,784,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll
[2009/04/12 02:21:30 | 00,891,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2009/04/12 02:21:29 | 00,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys
[2009/04/12 02:21:29 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pacerprf.dll
[2009/04/12 02:21:26 | 02,927,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2009/04/12 02:21:24 | 00,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2009/04/12 02:21:23 | 01,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2009/04/12 02:21:20 | 01,191,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3.dll
[2009/04/12 02:21:18 | 00,712,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2009/04/12 02:21:18 | 00,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2009/04/12 02:21:18 | 00,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2009/04/12 02:21:15 | 00,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\es.dll
[2009/04/12 02:21:13 | 00,212,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2009/04/12 02:21:11 | 00,625,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys
[2009/04/12 02:21:11 | 00,565,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\emdmgmt.dll
[2009/04/12 02:21:11 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2009/04/12 02:21:10 | 00,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys
[2009/04/12 02:21:10 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2009/04/12 02:21:08 | 00,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2009/04/12 02:21:04 | 00,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IPSECSVC.DLL
[2009/04/12 02:20:59 | 00,466,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll
[2009/04/12 02:20:56 | 00,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2009/04/12 02:20:44 | 00,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll
[2009/04/12 02:20:44 | 00,000,000 | ---D | C] -- C:\ProgramData\Azureus
[2009/04/12 02:20:35 | 00,000,000 | ---D | C] -- C:\Users\Aasim N\AppData\Roaming\Yahoo!
[2009/04/12 02:20:35 | 00,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2009/04/12 02:20:25 | 00,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2009/04/12 02:20:20 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/04/12 02:20:07 | 00,000,000 | ---D | C] -- C:\Users\Aasim N\AppData\Roaming\Mozilla
[2009/04/12 02:20:06 | 00,000,000 | ---D | C] -- C:\Users\Aasim N\AppData\Roaming\Azureus
[2009/04/12 02:20:06 | 00,000,000 | ---D | C] -- C:\Program Files\AskBarDis
[2009/04/12 02:19:22 | 00,000,000 | ---D | C] -- C:\Program Files\Vuze
[2009/04/12 02:19:14 | 00,000,000 | R--D | C] -- C:\Users\Aasim N\Desktop\Shortcuts
[2009/04/12 02:18:29 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2009/04/12 02:16:39 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2009/04/12 02:13:37 | 00,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2009/04/12 02:13:36 | 00,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2009/04/12 02:13:35 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2009/04/12 02:13:35 | 00,155,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscript.exe
[2009/04/12 02:13:35 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshom.ocx
[2009/04/12 02:13:35 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2009/04/12 02:13:35 | 00,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshext.dll
[2009/04/12 02:13:34 | 00,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrrun.dll
[2009/04/12 02:13:29 | 02,868,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2009/04/12 02:13:28 | 02,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2009/04/12 02:13:26 | 00,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2009/04/12 02:13:26 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2009/04/12 02:13:23 | 02,033,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009/04/12 02:13:22 | 00,268,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2009/04/12 02:13:10 | 00,738,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcomm.dll
[2009/04/12 02:12:44 | 01,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2009/04/12 02:06:49 | 01,334,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6.dll
[2009/04/12 02:00:38 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/04/12 02:00:28 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2009/04/12 02:00:13 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2009/04/12 01:59:53 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2009/04/12 01:54:38 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2009/04/12 01:54:19 | 01,809,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuaueng.dll
[2009/04/12 01:54:19 | 01,524,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2009/04/12 01:54:19 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe
[2009/04/12 01:54:19 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2009/04/12 01:53:26 | 00,561,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2009/04/12 01:53:26 | 00,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2009/04/12 01:53:26 | 00,034,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2009/04/12 01:53:10 | 00,162,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2009/04/12 01:53:10 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2009/04/12 01:52:54 | 00,000,000 | ---D | C] -- C:\Users\Aasim N\AppData\Roaming\Macromedia
[2009/04/12 01:52:51 | 00,000,000 | ---D | C] -- C:\Users\Aasim N\AppData\Roaming\Adobe
[2009/04/12 01:52:40 | 00,000,000 | ---D | C] -- C:\Users\Aasim N\AppData\Roaming\Google
[2009/04/12 01:48:24 | 00,000,000 | ---D | C] -- C:\Users\Aasim N\Documents\My Google Gadgets
[2009/04/12 01:47:06 | 00,000,000 | RH-- | C] () -- C:\Windows\System32\drivers\Sony_VGN-NR32SS.mrk
[2009/04/12 01:46:33 | 00,000,000 | -HSD | C] -- C:\Users\Aasim N\Documents\My Videos
[2009/04/12 01:46:33 | 00,000,000 | -HSD | C] -- C:\Users\Aasim N\Documents\My Pictures
[2009/04/12 01:46:33 | 00,000,000 | -HSD | C] -- C:\Users\Aasim N\Documents\My Music
[2009/04/12 01:46:26 | 00,049,077 | ---- | C] () -- C:\Users\Aasim N\AppData\Roaming\nvModes.dat
[2009/04/12 01:46:26 | 00,049,077 | ---- | C] () -- C:\Users\Aasim N\AppData\Roaming\nvModes.001
[2009/04/12 01:46:26 | 00,000,402 | -HS- | C] () -- C:\Users\Aasim N\Documents\desktop.ini
[2009/04/12 01:46:26 | 00,000,282 | -HS- | C] () -- C:\Users\Aasim N\Desktop\desktop.ini
[2009/04/12 01:46:26 | 00,000,174 | -HS- | C] () -- C:\Users\Aasim N\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
[2009/04/12 01:46:26 | 00,000,000 | --SD | C] -- C:\Users\Aasim N\AppData\Roaming\Microsoft
[2009/04/12 01:46:26 | 00,000,000 | ---D | C] -- C:\Users\Aasim N\AppData\Roaming\Sony Corporation
[2009/04/12 01:46:26 | 00,000,000 | ---D | C] -- C:\Users\Aasim N\AppData\Roaming\Media Center Programs
[2009/04/12 01:46:26 | 00,000,000 | ---D | C] -- C:\Users\Aasim N\AppData\Roaming\Identities
[2009/04/12 01:46:26 | 00,000,000 | ---D | C] -- C:\Users\Aasim N\AppData\Roaming
[2009/04/12 01:46:26 | 00,000,000 | ---D | C] -- C:\Users\Aasim N\AppData\LocalLow
[2009/04/12 01:46:26 | 00,000,000 | ---D | C] -- C:\Users\Aasim N\AppData\Local
[2009/02/04 10:50:32 | 00,024,576 | ---- | C] () -- C:\Windows\System32\nsis_loader.dll
[2008/02/05 01:09:01 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1295.dll
[2007/09/12 00:57:44 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2006/11/02 13:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 11:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 08:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== Files - Modified Within 30 Days ==========

[2009/05/01 02:42:40 | 00,504,320 | ---- | M] (OldTimer Tools) -- C:\Users\Aasim N\Desktop\OTListIt2.exe
[2009/05/01 02:38:17 | 00,049,077 | ---- | M] () -- C:\Users\Aasim N\AppData\Roaming\nvModes.001
[2009/05/01 02:32:13 | 00,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachine.job
[2009/05/01 02:32:12 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/05/01 02:32:05 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/05/01 02:32:05 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/05/01 02:32:00 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/05/01 02:31:56 | 21,437,72672 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/01 02:29:56 | 00,001,849 | ---- | M] () -- C:\Users\Public\Desktop\avast! Antivirus.lnk
[2009/05/01 02:29:53 | 00,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2009/05/01 02:22:21 | 00,000,042 | ---- | M] () -- C:\Windows\System32\AK083E209605E394C.lie
[2009/05/01 02:22:17 | 00,000,771 | ---- | M] () -- C:\Users\Aasim N\Desktop\Perfect Uninstaller.lnk
[2009/05/01 02:14:45 | 00,000,733 | ---- | M] () -- C:\Users\Aasim N\Desktop\NTREGOPT.lnk
[2009/05/01 02:14:45 | 00,000,714 | ---- | M] () -- C:\Users\Aasim N\Desktop\ERUNT.lnk
[2009/04/27 23:01:23 | 00,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/27 21:09:57 | 00,055,640 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2009/04/25 17:29:14 | 00,000,407 | ---- | M] () -- C:\Windows\psnetwork.ini
[2009/04/25 17:29:14 | 00,000,013 | ---- | M] () -- C:\Windows\msgtn.ini
[2009/04/25 17:28:51 | 00,000,074 | ---- | M] () -- C:\Windows\powerplayer.ini
[2009/04/25 00:55:21 | 00,011,005 | ---- | M] () -- C:\Users\Aasim N\Documents\Vasimali Siddiqi covering letter.docx
[2009/04/21 00:31:04 | 00,770,118 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/04/21 00:31:04 | 00,655,854 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/04/21 00:31:04 | 00,127,400 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/04/18 00:39:46 | 00,041,984 | ---- | M] () -- C:\Users\Aasim N\Desktop\CV - Mohamed Aasim.doc
[2009/04/18 00:25:00 | 00,193,405 | ---- | M] () -- C:\Users\Aasim N\Documents\Writing_the_Perfect_Cover_Letter.pdf
[2009/04/18 00:01:08 | 00,394,672 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/04/17 16:27:47 | 00,049,077 | ---- | M] () -- C:\Users\Aasim N\AppData\Roaming\nvModes.dat
[2009/04/17 15:45:11 | 00,000,032 | ---- | M] () -- C:\ProgramData\ezsid.dat
[2009/04/17 14:54:31 | 00,021,391 | ---- | M] () -- C:\Users\Aasim N\Desktop\Mohamed Aasim.docx
[2009/04/13 18:45:51 | 00,001,251 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPro520.lnk
[2009/04/12 09:42:08 | 00,047,092 | ---- | M] () -- C:\Windows\System32\license.rtf
[2009/04/12 09:39:30 | 00,000,040 | -H-- | M] () -- C:\Windows\System32\ivireg.ivr
[2009/04/12 09:32:47 | 00,000,000 | ---- | M] () -- C:\Windows\VAIOUpdt.INI
[2009/04/12 09:30:26 | 00,000,336 | -HS- | M] () -- C:\Users\Public\Desktop\desktop.ini
[2009/04/12 03:51:45 | 00,000,422 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2009/04/12 03:21:28 | 00,000,219 | ---- | M] () -- C:\Windows\win.ini
[2009/04/12 02:16:39 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2009/04/12 01:47:33 | 00,000,402 | -HS- | M] () -- C:\Users\Aasim N\Documents\desktop.ini
[2009/04/12 01:47:32 | 00,000,282 | -HS- | M] () -- C:\Users\Aasim N\Desktop\desktop.ini
[2009/04/12 01:47:32 | 00,000,174 | -HS- | M] () -- C:\Users\Aasim N\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
[2009/04/12 01:47:06 | 00,000,000 | RH-- | M] () -- C:\Windows\System32\drivers\Sony_VGN-NR32SS.mrk
[2009/04/06 15:57:24 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/04/03 11:18:26 | 00,130,936 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 163 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:1CA73D29
< End of report >

#4
Jimmy2012

Hello aasimn,

  • Please open OTListIt2.exe
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    :OTLI
    SRV - (ASKService [Auto | Running]) -- C:\Program Files\AskBarDis\bar\bin\AskService.exe ()
    SRV - (ASKUpgrade [Auto | Running]) -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe ()
    O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    
    :Files
    C:\Windows\System32\AK083E209605E394C.lie
    
    :Commands
    [purity]
    [emptytemp]
    [reboot]
  • Return to OTListIt2, right click in the "Custom Scans/fixes" window (under the light blue bar) and choose Paste.
  • Click the Run Fix button.
  • Let the program run until it is finished, reboot when it is done.
  • It will produce a log for you on reboot, please post that log in your next reply.


#5
aasimn

I can't seem to run OTC2 for that code... it keeps hanging up.
Avast keeps saying Virus was found. Type: Win32.Trojan gen (other)
C:\Windows\System32\gxvxcwiprniyqiellodqovitxccotnuoedbed.dll

Shall I move/rename, delete, repair or move to chest?

I'm not sure because it's a system file. Thanks.

#6
Jimmy2012

Hello aasimn,
You can have Avast delete that, it is a bad file.


Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#7
aasimn

Here's the ComboFix log.
Thanks.

ComboFix 09-05-02.4 - Aasim N 02/05/2009 3:00.1 - NTFSx86
Microsoft Windows Vista Home Premium 6.0.6001.1.1252.44.1033.18.2046.1315 [GMT 1:00]
Running from: c:\users\Aasim N\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\gxvxcbnehmhuxispkuwnijytepmvqtriercnq.sys
c:\windows\system32\gxvxccounter
c:\windows\system32\gxvxcwiprniyqiellodqovitxccotnuoedbed.dll
c:\windows\system32\x64

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_GXVXCSERV.SYS


((((((((((((((((((((((((( Files Created from 2009-04-02 to 2009-05-02 )))))))))))))))))))))))))))))))
.

2009-05-01 12:08 . 2009-05-01 12:08 -------- d-----w c:\users\Aasim N\AppData\Local\Apple
2009-05-01 10:08 . 2009-05-01 10:08 -------- d-----w C:\_OTListIt
2009-05-01 01:41 . 2009-05-01 01:41 -------- d-----w C:\Rooter$
2009-05-01 01:37 . 2009-05-02 01:04 -------- d-----w c:\users\Aasim N\AppData\Local\Apple Computer
2009-05-01 01:29 . 2009-02-05 20:06 51792 ----a-w c:\windows\system32\drivers\aswMonFlt.sys
2009-05-01 01:29 . 2009-05-01 01:29 -------- d-----w c:\program files\Alwil Software
2009-05-01 01:22 . 2009-05-01 01:22 -------- d-----w c:\program files\Perfect Uninstaller
2009-05-01 01:14 . 2009-05-01 01:14 -------- d-----w c:\program files\ERUNT
2009-04-30 22:23 . 2009-04-30 22:23 -------- d-sh--w C:\$RECYCLE.BIN
2009-04-28 00:20 . 2009-04-28 00:20 -------- d-----w c:\users\Aasim N\AppData\Local\ESET
2009-04-27 22:01 . 2009-04-06 14:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-27 22:01 . 2009-04-06 14:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-27 22:01 . 2009-04-27 22:01 -------- d-----w c:\programdata\Malwarebytes
2009-04-27 22:01 . 2009-04-27 22:01 -------- d-----w c:\users\All Users\Malwarebytes
2009-04-27 22:01 . 2009-05-01 01:16 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-27 20:45 . 2009-04-27 20:45 -------- d-----w c:\programdata\ESET
2009-04-27 20:45 . 2009-04-27 20:45 -------- d-----w c:\users\All Users\ESET
2009-04-27 20:05 . 2009-04-27 20:09 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-04-26 20:37 . 2009-04-26 20:37 -------- d-----w c:\temp\Sony Corporation
2009-04-26 20:37 . 2009-04-26 20:37 -------- d-----w C:\Temp
2009-04-26 01:15 . 2009-04-26 01:15 -------- d-----w c:\program files\HeroCodec
2009-04-25 15:53 . 2009-04-25 15:53 -------- d-----w C:\pfsvoddata
2009-04-25 15:52 . 2009-04-25 16:22 -------- d-----w c:\programdata\PPLive
2009-04-25 15:52 . 2009-04-25 16:22 -------- d-----w c:\users\All Users\PPLive
2009-04-25 15:52 . 2009-04-25 15:52 -------- d-----w c:\users\Aasim N\AppData\Roaming\PPLive
2009-04-25 15:52 . 2009-04-25 15:53 -------- d-----w c:\windows\system32\PPLive
2009-04-25 15:51 . 2009-04-25 15:55 -------- d-----w c:\users\Aasim N\AppData\Roaming\SopCast
2009-04-25 15:51 . 2009-04-25 15:51 -------- d-----w C:\ppmaterecord
2009-04-25 15:50 . 2009-04-25 15:50 -------- d-----w c:\users\Aasim N\AppData\Roaming\PPMate
2009-04-25 15:50 . 2009-04-25 15:50 -------- d-----w c:\program files\Common Files\Synacast
2009-04-25 15:50 . 2009-04-25 16:28 -------- d-----w c:\program files\PPMate
2009-04-23 20:29 . 2009-04-23 20:29 -------- d-----w c:\users\Aasim N\AppData\Roaming\ArcSoft
2009-04-22 20:16 . 2009-04-22 20:16 -------- d-----w c:\program files\Common Files\uusee
2009-04-22 20:16 . 2009-04-22 20:16 -------- d-----w c:\program files\uusee
2009-04-22 18:51 . 2009-04-22 18:51 -------- d--h--w C:\VJVod_Cache
2009-04-22 16:23 . 2009-04-22 16:23 -------- d-----w c:\windows\system32\nagasoft
2009-04-21 21:21 . 2009-03-31 10:23 39200 ----a-w c:\windows\system32\drivers\TfSysMon.sys
2009-04-21 21:21 . 2009-03-31 10:23 33056 ----a-w c:\windows\system32\drivers\TfNetMon.sys
2009-04-21 21:21 . 2009-03-31 10:23 12576 ----a-w c:\windows\system32\drivers\TfKbMon.sys
2009-04-21 21:21 . 2009-03-31 10:23 51488 ----a-w c:\windows\system32\drivers\TfFsMon.sys
2009-04-21 21:04 . 2008-12-11 07:38 159600 ----a-w c:\windows\system32\drivers\pctgntdi.sys
2009-04-21 21:04 . 2009-04-03 10:18 130936 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-04-21 21:04 . 2008-12-18 11:16 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys
2009-04-21 21:04 . 2009-05-02 01:51 -------- d---a-w c:\programdata\TEMP
2009-04-21 21:04 . 2009-05-02 01:51 -------- d---a-w c:\users\All Users\TEMP
2009-04-21 21:04 . 2009-04-21 21:05 -------- d-----w c:\program files\Common Files\PC Tools
2009-04-21 21:04 . 2008-12-10 10:36 64392 ----a-w c:\windows\system32\drivers\pctplsg.sys
2009-04-21 21:04 . 2009-04-21 21:23 -------- d-----w c:\programdata\PC Tools
2009-04-21 21:04 . 2009-04-21 21:23 -------- d-----w c:\users\All Users\PC Tools
2009-04-21 21:04 . 2009-04-21 21:04 -------- d-----w c:\users\Aasim N\AppData\Roaming\PC Tools
2009-04-21 21:04 . 2009-05-02 01:50 -------- d-----w c:\program files\Spyware Doctor
2009-04-21 19:32 . 2009-04-21 19:32 -------- d-----w c:\program files\TVAnts
2009-04-21 18:59 . 2009-04-21 18:59 -------- d-----w c:\program files\Veetle
2009-04-19 23:46 . 2008-04-17 11:12 107368 ----a-w c:\windows\system32\GEARAspi.dll
2009-04-19 23:46 . 2009-03-19 15:32 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-04-19 23:46 . 2009-04-19 23:46 -------- d-----w c:\program files\iPod
2009-04-19 23:46 . 2009-04-19 23:46 -------- d-----w c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-19 22:53 . 2009-04-19 22:53 -------- d-----w c:\programdata\Apple
2009-04-19 22:53 . 2009-04-19 22:53 -------- d-----w c:\users\All Users\Apple
2009-04-19 22:48 . 2009-04-19 22:48 -------- d-----w c:\windows\system32\URTTEMP
2009-04-19 21:08 . 2009-04-19 21:08 -------- d-----r c:\windows\system32\config\systemprofile\Music
2009-04-19 15:33 . 2009-04-19 15:33 -------- d-----w c:\program files\Microsoft Silverlight
2009-04-17 14:45 . 2009-04-17 14:45 32 ----a-w c:\programdata\ezsid.dat
2009-04-17 14:45 . 2009-04-17 14:45 32 ----a-w c:\users\All Users\ezsid.dat
2009-04-17 14:45 . 2009-05-01 23:04 -------- d-----w c:\users\Aasim N\AppData\Roaming\skypePM
2009-04-16 21:32 . 2009-04-16 21:32 -------- d-----w c:\programdata\WindowsSearch
2009-04-16 21:32 . 2009-04-16 21:32 -------- d-----w c:\users\All Users\WindowsSearch
2009-04-16 00:16 . 2006-10-26 18:56 32592 ----a-w c:\windows\system32\msonpmon.dll
2009-04-16 00:07 . 2009-04-16 00:07 -------- d-----w c:\program files\Microsoft Visual Studio 8
2009-04-15 21:26 . 2009-05-02 00:17 -------- d-----w c:\users\Aasim N\AppData\Roaming\Skype
2009-04-15 19:37 . 2009-04-15 19:37 -------- d-----w c:\users\Aasim N\AppData\Roaming\vlc
2009-04-13 22:33 . 2009-04-13 22:33 -------- d-----w c:\users\Aasim N\AppData\Local\Mozilla
2009-04-13 17:48 . 2009-04-13 17:48 -------- d-----w c:\program files\Common Files\ArcSoft
2009-04-13 17:48 . 1995-08-01 03:44 212480 ----a-w c:\windows\PCDLIB32.DLL
2009-04-13 17:48 . 2005-04-27 15:36 245408 ----a-w c:\windows\system32\unicows.dll
2009-04-13 17:47 . 2009-04-13 17:47 -------- d-----w c:\program files\DIFX
2009-04-13 17:46 . 2007-10-01 13:38 7680 ----a-w c:\windows\system32\drivers\SPC520m.sys
2009-04-13 17:46 . 2007-10-01 13:38 483328 ----a-w c:\windows\system32\drivers\SPC520.sys
2009-04-13 17:45 . 2009-04-13 17:46 -------- d-----w c:\program files\Philips
2009-04-13 17:45 . 2003-02-21 12:42 348160 ----a-w c:\windows\msvcr71.dll
2009-04-13 17:45 . 2007-04-06 11:42 73728 ----a-w c:\windows\VPro520.exe
2009-04-13 17:45 . 2003-03-19 05:20 1060864 ----a-w c:\windows\MFC71.dll
2009-04-13 17:45 . 2009-04-13 17:46 -------- d-----w c:\program files\Common Files\SPC520NC
2009-04-13 17:45 . 2009-04-13 17:45 -------- d-----w c:\windows\Philips
2009-04-13 17:43 . 2009-04-13 17:43 -------- d-----w c:\users\Aasim N\AppData\Roaming\InstallShield
2009-04-12 21:11 . 2009-04-12 21:11 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-12 21:06 . 2009-04-13 18:29 -------- d-----w c:\users\Aasim N\AppData\Local\Microsoft Games
2009-04-12 08:34 . 2009-04-12 08:34 -------- d-----w c:\program files\Common Files\InterVideo
2009-04-12 08:32 . 2009-04-12 08:32 -------- d-----w C:\Documentation
2009-04-12 08:27 . 2009-04-12 08:27 -------- d-----w c:\program files\Skype
2009-04-12 08:27 . 2009-04-12 08:27 -------- d-----w c:\program files\Common Files\Skype
2009-04-12 08:27 . 2009-04-12 08:27 -------- d-----w c:\programdata\Skype
2009-04-12 08:27 . 2009-04-12 08:27 -------- d-----w c:\users\All Users\Skype
2009-04-12 08:27 . 2009-04-12 08:27 -------- d-----w c:\programdata\Uninstall
2009-04-12 08:27 . 2009-04-12 08:27 -------- d-----w c:\users\All Users\Uninstall
2009-04-12 08:27 . 2009-04-12 08:27 -------- d-----w c:\programdata\Sonic
2009-04-12 08:27 . 2009-04-12 08:27 -------- d-----w c:\users\All Users\Sonic
2009-04-12 08:21 . 2009-04-12 02:13 -------- d-----w c:\program files\DivX
2009-04-12 08:18 . 2009-04-12 08:18 -------- d-----w c:\program files\Picasa2
2009-04-12 08:18 . 2009-04-21 21:14 -------- d-----w c:\program files\Google BAE
2009-04-12 08:11 . 2009-04-30 12:27 -------- d-----w c:\programdata\Microsoft Help
2009-04-12 08:11 . 2009-04-30 12:27 -------- d-----w c:\users\All Users\Microsoft Help
2009-04-12 08:10 . 2009-04-12 08:10 -------- d--h--r C:\MSOCache
2009-04-12 08:09 . 2009-04-12 08:10 -------- d-----w c:\windows\Sonysys
2009-04-12 08:04 . 2008-03-13 17:10 -------- d-----r c:\users\Default\Contacts
2009-04-12 08:04 . 2008-03-13 17:10 -------- d-----r c:\users\Default\Searches
2009-04-12 08:04 . 2009-04-12 08:04 -------- d-----w C:\Intel
2009-04-12 02:40 . 2008-10-22 01:22 2048 ----a-w c:\windows\system32\tzres.dll
2009-04-12 02:21 . 2008-09-16 19:23 168448 ----a-w c:\windows\system32\unrar.dll
2009-04-12 02:21 . 2009-04-12 02:22 -------- d-----w c:\program files\K-Lite Codec Pack
2009-04-12 02:13 . 2009-04-12 02:13 -------- d-----w c:\program files\Common Files\DivX Shared
2009-04-12 02:12 . 2009-04-12 02:12 -------- d-----w c:\program files\GSpot
2009-04-12 02:09 . 2009-04-12 02:09 -------- d-----w c:\program files\VideoLAN
2009-04-12 02:09 . 2008-06-20 01:14 97800 ----a-w c:\windows\system32\infocardapi.dll
2009-04-12 02:09 . 2008-06-20 01:14 105016 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-04-12 02:09 . 2008-06-20 01:14 622080 ----a-w c:\windows\system32\icardagt.exe
2009-04-12 02:09 . 2008-06-20 01:14 11264 ----a-w c:\windows\system32\icardres.dll
2009-04-12 02:09 . 2008-06-20 01:14 43544 ----a-w c:\windows\system32\PresentationHostProxy.dll
2009-04-12 02:08 . 2008-06-20 01:14 781344 ----a-w c:\windows\system32\PresentationNative_v0300.dll
2009-04-12 02:08 . 2008-06-20 01:14 326160 ----a-w c:\windows\system32\PresentationHost.exe
2009-04-12 01:58 . 2008-07-27 18:03 96760 ----a-w c:\windows\system32\dfshim.dll
2009-04-12 01:58 . 2008-07-27 18:03 282112 ----a-w c:\windows\system32\mscoree.dll
2009-04-12 01:58 . 2008-07-27 18:03 41984 ----a-w c:\windows\system32\netfxperf.dll
2009-04-12 01:56 . 2008-07-27 18:03 158720 ----a-w c:\windows\system32\mscorier.dll
2009-04-12 01:56 . 2008-07-27 18:03 83968 ----a-w c:\windows\system32\mscories.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-02 01:58 . 2009-04-12 02:13 884 ----a-w c:\windows\Tasks\GoogleUpdateTaskMachine.job
2009-05-02 01:58 . 2006-11-02 13:01 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-04-19 23:46 . 2009-04-19 23:46 -------- d-----w c:\program files\iTunes
2009-04-19 23:46 . 2009-04-19 22:53 -------- d-----w c:\program files\Common Files\Apple
2009-04-19 23:37 . 2009-04-19 23:37 -------- d-----w c:\program files\Safari
2009-04-19 22:56 . 2009-04-19 22:56 -------- d-----w c:\program files\Bonjour
2009-04-19 22:56 . 2009-04-19 22:56 -------- d-----w c:\program files\QuickTime
2009-04-19 22:55 . 2009-04-19 22:55 -------- d-----w c:\program files\Apple Software Update
2009-04-19 22:54 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstrng.dat
2009-04-19 22:54 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
2009-04-19 22:54 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
2009-04-17 15:27 . 2009-04-12 00:46 49077 ----a-w c:\users\Aasim N\AppData\Roaming\nvModes.dat
2009-04-16 00:51 . 2009-04-12 00:46 106776 ----a-w c:\users\Aasim N\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-16 00:14 . 2006-11-02 12:37 -------- d-----w c:\program files\MSBuild
2009-04-15 15:13 . 2008-03-13 20:20 -------- d-----w c:\program files\Common Files\Adobe
2009-04-14 23:18 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-13 17:48 . 2008-03-13 18:42 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-13 17:47 . 2008-03-13 17:31 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-12 21:11 . 2008-03-13 20:21 -------- d-----w c:\program files\Java
2009-04-12 08:35 . 2008-03-13 20:20 -------- d-----w c:\program files\Sony
2009-04-12 08:34 . 2009-04-12 08:33 -------- d-----w c:\program files\InterVideo
2009-04-12 08:29 . 2008-03-13 20:16 -------- d-----w c:\program files\Common Files\Sony Shared
2009-04-12 08:27 . 2009-04-12 08:26 -------- d-----w c:\program files\Common Files\Roxio Shared
2009-04-12 08:27 . 2009-04-12 08:21 -------- d-----w c:\program files\Common Files\PX Storage Engine
2009-04-12 08:27 . 2009-04-12 08:27 -------- d-----w c:\program files\Roxio
2009-04-12 08:26 . 2009-04-12 08:26 -------- d-----w c:\program files\Common Files\Sonic Shared
2009-04-12 08:18 . 2009-04-12 08:18 -------- d-----w c:\program files\Microsoft Small Business
2009-04-12 08:16 . 2009-04-12 08:12 -------- d-----w c:\program files\Microsoft.NET
2009-04-12 08:14 . 2009-04-12 08:14 -------- d-----w c:\program files\BFG
2009-04-12 08:14 . 2009-04-12 08:14 -------- d-----w c:\program files\Activation Assistant for the 2007 Microsoft Office suites
2009-04-12 08:13 . 2009-04-12 08:13 -------- d-----w c:\program files\Microsoft Works
2009-04-12 03:09 . 2006-11-02 10:25 665600 ----a-w c:\windows\inf\drvindex.dat
2009-04-12 02:26 . 2009-04-12 08:15 -------- d-----w c:\program files\Microsoft SQL Server
2009-04-12 02:15 . 2008-03-13 17:14 -------- d-----w c:\program files\Google
2009-04-12 01:16 . 2009-04-12 01:16 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-04-12 00:47 . 2009-04-12 00:47 0 ---ha-r c:\windows\system32\drivers\Sony_VGN-NR32SS.mrk
2009-03-17 03:38 . 2009-04-14 18:25 40960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-03-17 03:38 . 2009-04-14 18:25 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-14 18:25 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-03 04:46 . 2009-04-14 18:25 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-14 18:25 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-14 18:25 827392 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:39 . 2009-04-14 18:25 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-14 18:25 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-14 18:25 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-14 18:25 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 04:37 . 2009-04-14 18:25 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-14 18:25 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 04:37 . 2009-04-14 18:25 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 03:04 . 2009-04-14 18:25 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-14 18:25 17408 ----a-w c:\windows\system32\iashost.exe
2009-03-03 02:28 . 2009-04-14 18:25 26624 ----a-w c:\windows\system32\ieUnatt.exe
2009-02-24 19:34 . 2009-02-24 19:34 90112 ----a-w c:\windows\system32\dpl100.dll
2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx0c.dll
2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx07.dll
2009-02-24 19:34 . 2009-02-24 19:34 815104 ----a-w c:\windows\system32\divx_xx0a.dll
2009-02-24 19:34 . 2009-02-24 19:34 802816 ----a-w c:\windows\system32\divx_xx11.dll
2009-02-24 19:34 . 2009-02-24 19:34 684032 ----a-w c:\windows\system32\DivX.dll
2009-02-13 08:49 . 2009-04-14 18:25 72704 ----a-w c:\windows\system32\secur32.dll
2009-02-13 08:49 . 2009-04-14 18:25 1255936 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 03:10 . 2009-04-12 01:13 2033152 ----a-w c:\windows\system32\win32k.sys
2009-02-06 17:52 . 2009-02-06 17:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-04 09:50 . 2009-02-04 09:50 24576 ----a-w c:\windows\system32\nsis_loader.dll
2008-01-21 02:43 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-12-09 17:40 333192 ----a-w c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-03-10 262144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-02-12 86016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-12 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-12 8497696]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-11-21 311296]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-12 148888]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2008-02-23 122880]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-23 4718592]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VPro520.lnk - c:\windows\VPro520.exe [2009-4-13 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-15 03:05 98304 ----a-w c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{297EA8CF-1A0B-47E6-BC42-0197448A87A8}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{2F8938BD-7946-414B-A22B-9CA77F79C2B3}"= UDP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{709ED0BB-5ACD-4E79-88C3-FC94F3901EFC}"= TCP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{E0B4A04E-3BAC-4220-8C1D-CF4E33545A59}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{57DA30EE-990E-4977-8F21-6C75C5F24C15}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{36082900-42C7-4EAC-94CD-59F358C5AFFE}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{A1907FAD-3559-4371-90B5-4AA328CCA00D}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{36B60850-6639-4630-B2BD-1F07BEF2DBD5}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1BD26FAE-845C-446F-BA6A-5EF726AE3E50}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{02D287D9-D0F7-4243-B4E1-F5E537A08D54}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{DC71B3CE-6DD6-44BA-9E35-B3858254A2DF}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{FE533F28-2534-4FD9-9528-262B014E65F8}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{7287D925-8F89-41F4-89D6-2D3BC56AF2DD}c:\\program files\\tvants\\tvants.exe"= UDP:c:\program files\tvants\tvants.exe:TVAnts
"UDP Query User{BB9E7497-0B96-4896-A416-9C6676241C2F}c:\\program files\\tvants\\tvants.exe"= TCP:c:\program files\tvants\tvants.exe:TVAnts
"TCP Query User{6010C7E9-60A5-4DC4-A56F-743D0D2B7984}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{7768C922-C192-4F76-8D67-3563DEB3B483}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"TCP Query User{E7D83616-68FB-416D-9960-FFFAD156C980}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{9A7707D2-3571-4FDD-94CD-00AF11825874}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{D29C76E3-49E8-41CA-BC56-4DA692DE8085}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{B7AC9230-AFB1-484D-B3AE-622452D5D0F6}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{3395D16E-D958-4758-8D36-E04948C29BC3}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{74B3FB8F-A88B-473F-B38A-33B59176F0CF}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{E0C08650-ED09-4532-A0D4-62530E0C0267}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{2C0A8593-9A1B-446A-BD52-B22EBE01CF48}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"TCP Query User{F3D437AC-16C7-4277-97A0-A27DE9E9F344}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{51745C8A-243B-4DC2-BE91-C2503A0F5D8F}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{6F203E04-AEF0-4B7F-9302-E908C979F3C0}c:\\program files\\google\\chrome\\application\\chrome.exe"= UDP:c:\program files\google\chrome\application\chrome.exe:Google Chrome
"UDP Query User{EAABA792-0E24-4016-B7FD-DF6862F68D8F}c:\\program files\\google\\chrome\\application\\chrome.exe"= TCP:c:\program files\google\chrome\application\chrome.exe:Google Chrome
"TCP Query User{D119C834-1049-4782-B78D-5CD8AA03A0C5}c:\\program files\\ppmate\\ppamnet.exe"= UDP:c:\program files\ppmate\ppamnet.exe:ppmnet Module
"UDP Query User{37906D68-3721-4754-9293-69786704498D}c:\\program files\\ppmate\\ppamnet.exe"= TCP:c:\program files\ppmate\ppamnet.exe:ppmnet Module
"TCP Query User{EFEBAFF7-DCF3-4609-9DC5-BE22566B0686}c:\\program files\\common files\\synacast\\synalive\\pplive.exe"= UDP:c:\program files\common files\synacast\synalive\pplive.exe:PPLive
"UDP Query User{F108E5D1-6D61-4DF9-9ACC-BCD6BBC205FE}c:\\program files\\common files\\synacast\\synalive\\pplive.exe"= TCP:c:\program files\common files\synacast\synalive\pplive.exe:PPLive
"TCP Query User{FF6E5782-B48B-4966-8E2A-56F14F3E3161}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{22774795-6318-4EE9-8824-57B0D3E46DAE}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{46AFAD9C-929D-46A2-929B-7A01A3ADBE92}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java™ Platform SE binary
"UDP Query User{94AE09A4-E915-4DD1-839B-6A60ECF99BA3}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java™ Platform SE binary

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\PPMate\\ppmate.exe"= c:\program files\PPMate\ppmate.exe:*:Enabled:PPMate
"c:\\Program Files\\PPMate\\ppamnet.exe"= c:\program files\PPMate\ppamnet.exe:*:Enabled:PPMate

R2 gupdate1c9bb14558392e0;Google Update Service (gupdate1c9bb14558392e0);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-12 133104]
R3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712]
R3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg.sys [2008-12-10 64392]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Sony\VAIO Media plus\SOHCImp.exe [2008-03-05 104288]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Sony\VAIO Media plus\SOHDms.exe [2008-03-05 350048]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Sony\VAIO Media plus\SOHDs.exe [2008-03-05 63328]
R3 SPC520;Philips SPC520NC PC Camera;c:\windows\system32\drivers\SPC520.sys [2007-10-01 483328]
R3 SPC520m;Philips SPC520NC PC Cameram;c:\windows\system32\drivers\SPC520m.sys [2007-10-01 7680]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-03-31 33056]
R3 ThreatFire;ThreatFire; [x]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2008-03-03 333088]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2008-03-03 87328]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-04-03 130936]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-03-31 51488]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-03-31 39200]
S1 aswSP;avast! Self Protection; [x]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [2008-12-11 159600]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-02-05 51792]
S2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-11 30312]
S2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [2008-03-10 229376]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-12-17 9344]
S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-06-06 812544]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - g:\.\EncryptionTool\MaxtorEncryption.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab4eb924-273d-11de-9819-001a80f22a5d}]
\shell\AutoRun\command - g:\.\EncryptionTool\MaxtorEncryption.exe
.
Contents of the 'Scheduled Tasks' folder

2009-05-02 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-12 02:13]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-IgfxTray - c:\windows\system32\igfxtray.exe
HKLM-Run-Persistence - c:\windows\system32\igfxpers.exe
HKLM-Run-HotKeysCmds - c:\windows\system32\hkcmd.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: ʹUUSeeٲ - c:\program files\uusee\geturltoplay.htm
IE: ʹUUSee - c:\program files\uusee\geturltodown.htm
IE: {{998A88A0-A355-809B-831C-B83A80000992}
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - c:\users\Aasim N\AppData\Roaming\Mozilla\Firefox\Profiles\i4od8s2z.default\
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-02 03:05
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash9e.ocx"
"ThreadingModel"="Apartment"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash9e.ocx, 1"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash9e.ocx"
"ThreadingModel"="Apartment"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash9e.ocx, 1"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9e.exe,-101"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9e.exe"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_USERS\SOFTWARE\Classes\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"

[HKEY_USERS\SOFTWARE\Classes\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_USERS\SOFTWARE\Classes\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_USERS\SOFTWARE\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)

[HKEY_USERS\SOFTWARE\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"

[HKEY_USERS\SOFTWARE\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""

[HKEY_USERS\SOFTWARE\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"

[HKEY_USERS\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b4

[HKEY_USERS\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b4
.
Completion time: 2009-05-02 3:07
ComboFix-quarantined-files.txt 2009-05-02 02:07

Pre-Run: 90,364,125,184 bytes free
Post-Run: 90,371,338,240 bytes free

431 --- E O F --- 2009-04-30 12:27

#8
Jimmy2012

Hello aasimn,

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the quotebox below into it:

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"=-

SysRst::

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt. Please post the following report into your next reply:
  • Combofix.txt


#9
aasimn

hey do you mind explaining what the combofix tried to do...thx!

ComboFix 09-05-02.4 - Aasim N 02/05/2009 16:18.1 - NTFSx86
Microsoft Windows Vista Home Premium 6.0.6001.1.1252.44.1033.18.2046.1232 [GMT 1:00]
Running from: c:\users\Aasim N\Desktop\ComboFix.exe
Command switches used :: c:\users\Aasim N\Desktop\CFScript.txt
.

((((((((((((((((((((((((( Files Created from 2009-04-02 to 2009-05-02 )))))))))))))))))))))))))))))))
.

2009-05-02 11:24 . 2009-05-02 11:24 -------- d-----w c:\program files\FilmOn HDi Player
2009-05-01 12:08 . 2009-05-01 12:08 -------- d-----w c:\users\Aasim N\AppData\Local\Apple
2009-05-01 10:08 . 2009-05-01 10:08 -------- d-----w C:\_OTListIt
2009-05-01 01:41 . 2009-05-01 01:41 -------- d-----w C:\Rooter$
2009-05-01 01:37 . 2009-05-02 01:04 -------- d-----w c:\users\Aasim N\AppData\Local\Apple Computer
2009-05-01 01:29 . 2009-02-05 20:06 51792 ----a-w c:\windows\system32\drivers\aswMonFlt.sys
2009-05-01 01:29 . 2009-05-01 01:29 -------- d-----w c:\program files\Alwil Software
2009-05-01 01:22 . 2009-05-01 01:22 -------- d-----w c:\program files\Perfect Uninstaller
2009-05-01 01:14 . 2009-05-01 01:14 -------- d-----w c:\program files\ERUNT
2009-04-30 22:23 . 2009-04-30 22:23 -------- d-sh--w C:\$RECYCLE.BIN
2009-04-28 00:20 . 2009-04-28 00:20 -------- d-----w c:\users\Aasim N\AppData\Local\ESET
2009-04-27 22:01 . 2009-04-06 14:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-27 22:01 . 2009-04-06 14:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-27 22:01 . 2009-04-27 22:01 -------- d-----w c:\programdata\Malwarebytes
2009-04-27 22:01 . 2009-04-27 22:01 -------- d-----w c:\users\All Users\Malwarebytes
2009-04-27 22:01 . 2009-05-01 01:16 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-27 20:45 . 2009-04-27 20:45 -------- d-----w c:\programdata\ESET
2009-04-27 20:45 . 2009-04-27 20:45 -------- d-----w c:\users\All Users\ESET
2009-04-27 20:05 . 2009-04-27 20:09 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-04-26 20:37 . 2009-04-26 20:37 -------- d-----w c:\temp\Sony Corporation
2009-04-26 20:37 . 2009-04-26 20:37 -------- d-----w C:\Temp
2009-04-26 01:15 . 2009-04-26 01:15 -------- d-----w c:\program files\HeroCodec
2009-04-25 15:53 . 2009-04-25 15:53 -------- d-----w C:\pfsvoddata
2009-04-25 15:52 . 2009-04-25 16:22 -------- d-----w c:\programdata\PPLive
2009-04-25 15:52 . 2009-04-25 16:22 -------- d-----w c:\users\All Users\PPLive
2009-04-25 15:52 . 2009-04-25 15:52 -------- d-----w c:\users\Aasim N\AppData\Roaming\PPLive
2009-04-25 15:52 . 2009-04-25 15:53 -------- d-----w c:\windows\system32\PPLive
2009-04-25 15:51 . 2009-04-25 15:55 -------- d-----w c:\users\Aasim N\AppData\Roaming\SopCast
2009-04-25 15:51 . 2009-04-25 15:51 -------- d-----w C:\ppmaterecord
2009-04-25 15:50 . 2009-04-25 15:50 -------- d-----w c:\users\Aasim N\AppData\Roaming\PPMate
2009-04-25 15:50 . 2009-04-25 15:50 -------- d-----w c:\program files\Common Files\Synacast
2009-04-25 15:50 . 2009-04-25 16:28 -------- d-----w c:\program files\PPMate
2009-04-23 20:29 . 2009-04-23 20:29 -------- d-----w c:\users\Aasim N\AppData\Roaming\ArcSoft
2009-04-22 20:16 . 2009-04-22 20:16 -------- d-----w c:\program files\Common Files\uusee
2009-04-22 20:16 . 2009-04-22 20:16 -------- d-----w c:\program files\uusee
2009-04-22 18:51 . 2009-04-22 18:51 -------- d--h--w C:\VJVod_Cache
2009-04-22 16:23 . 2009-04-22 16:23 -------- d-----w c:\windows\system32\nagasoft
2009-04-21 21:21 . 2009-03-31 10:23 39200 ----a-w c:\windows\system32\drivers\TfSysMon.sys
2009-04-21 21:21 . 2009-03-31 10:23 33056 ----a-w c:\windows\system32\drivers\TfNetMon.sys
2009-04-21 21:21 . 2009-03-31 10:23 12576 ----a-w c:\windows\system32\drivers\TfKbMon.sys
2009-04-21 21:21 . 2009-03-31 10:23 51488 ----a-w c:\windows\system32\drivers\TfFsMon.sys
2009-04-21 21:04 . 2008-12-11 07:38 159600 ----a-w c:\windows\system32\drivers\pctgntdi.sys
2009-04-21 21:04 . 2009-04-03 10:18 130936 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-04-21 21:04 . 2008-12-18 11:16 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys
2009-04-21 21:04 . 2009-05-02 15:15 -------- d---a-w c:\programdata\TEMP
2009-04-21 21:04 . 2009-05-02 15:15 -------- d---a-w c:\users\All Users\TEMP
2009-04-21 21:04 . 2009-04-21 21:05 -------- d-----w c:\program files\Common Files\PC Tools
2009-04-21 21:04 . 2008-12-10 10:36 64392 ----a-w c:\windows\system32\drivers\pctplsg.sys
2009-04-21 21:04 . 2009-04-21 21:23 -------- d-----w c:\programdata\PC Tools
2009-04-21 21:04 . 2009-04-21 21:23 -------- d-----w c:\users\All Users\PC Tools
2009-04-21 21:04 . 2009-04-21 21:04 -------- d-----w c:\users\Aasim N\AppData\Roaming\PC Tools
2009-04-21 21:04 . 2009-05-02 15:15 -------- d-----w c:\program files\Spyware Doctor
2009-04-21 19:32 . 2009-04-21 19:32 -------- d-----w c:\program files\TVAnts
2009-04-21 18:59 . 2009-04-21 18:59 -------- d-----w c:\program files\Veetle
2009-04-19 23:46 . 2008-04-17 11:12 107368 ----a-w c:\windows\system32\GEARAspi.dll
2009-04-19 23:46 . 2009-03-19 15:32 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-04-19 23:46 . 2009-04-19 23:46 -------- d-----w c:\program files\iPod
2009-04-19 23:46 . 2009-04-19 23:46 -------- d-----w c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-19 22:53 . 2009-04-19 22:53 -------- d-----w c:\programdata\Apple
2009-04-19 22:53 . 2009-04-19 22:53 -------- d-----w c:\users\All Users\Apple
2009-04-19 22:48 . 2009-04-19 22:48 -------- d-----w c:\windows\system32\URTTEMP
2009-04-19 21:08 . 2009-04-19 21:08 -------- d-----r c:\windows\system32\config\systemprofile\Music
2009-04-19 15:33 . 2009-04-19 15:33 -------- d-----w c:\program files\Microsoft Silverlight
2009-04-17 14:45 . 2009-04-17 14:45 32 ----a-w c:\programdata\ezsid.dat
2009-04-17 14:45 . 2009-04-17 14:45 32 ----a-w c:\users\All Users\ezsid.dat
2009-04-17 14:45 . 2009-05-01 23:04 -------- d-----w c:\users\Aasim N\AppData\Roaming\skypePM
2009-04-16 21:32 . 2009-04-16 21:32 -------- d-----w c:\programdata\WindowsSearch
2009-04-16 21:32 . 2009-04-16 21:32 -------- d-----w c:\users\All Users\WindowsSearch
2009-04-16 00:16 . 2006-10-26 18:56 32592 ----a-w c:\windows\system32\msonpmon.dll
2009-04-16 00:07 . 2009-04-16 00:07 -------- d-----w c:\program files\Microsoft Visual Studio 8
2009-04-15 21:26 . 2009-05-02 00:17 -------- d-----w c:\users\Aasim N\AppData\Roaming\Skype
2009-04-15 19:37 . 2009-04-15 19:37 -------- d-----w c:\users\Aasim N\AppData\Roaming\vlc
2009-04-13 22:33 . 2009-04-13 22:33 -------- d-----w c:\users\Aasim N\AppData\Local\Mozilla
2009-04-13 17:48 . 2009-04-13 17:48 -------- d-----w c:\program files\Common Files\ArcSoft
2009-04-13 17:48 . 1995-08-01 03:44 212480 ----a-w c:\windows\PCDLIB32.DLL
2009-04-13 17:48 . 2005-04-27 15:36 245408 ----a-w c:\windows\system32\unicows.dll
2009-04-13 17:47 . 2009-04-13 17:47 -------- d-----w c:\program files\DIFX
2009-04-13 17:46 . 2007-10-01 13:38 7680 ----a-w c:\windows\system32\drivers\SPC520m.sys
2009-04-13 17:46 . 2007-10-01 13:38 483328 ----a-w c:\windows\system32\drivers\SPC520.sys
2009-04-13 17:45 . 2009-04-13 17:46 -------- d-----w c:\program files\Philips
2009-04-13 17:45 . 2003-02-21 12:42 348160 ----a-w c:\windows\msvcr71.dll
2009-04-13 17:45 . 2007-04-06 11:42 73728 ----a-w c:\windows\VPro520.exe
2009-04-13 17:45 . 2003-03-19 05:20 1060864 ----a-w c:\windows\MFC71.dll
2009-04-13 17:45 . 2009-04-13 17:46 -------- d-----w c:\program files\Common Files\SPC520NC
2009-04-13 17:45 . 2009-04-13 17:45 -------- d-----w c:\windows\Philips
2009-04-13 17:43 . 2009-04-13 17:43 -------- d-----w c:\users\Aasim N\AppData\Roaming\InstallShield
2009-04-12 21:11 . 2009-04-12 21:11 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-12 21:06 . 2009-04-13 18:29 -------- d-----w c:\users\Aasim N\AppData\Local\Microsoft Games
2009-04-12 08:34 . 2009-04-12 08:34 -------- d-----w c:\program files\Common Files\InterVideo
2009-04-12 08:32 . 2009-04-12 08:32 -------- d-----w C:\Documentation
2009-04-12 08:27 . 2009-04-12 08:27 -------- d-----w c:\program files\Skype
2009-04-12 08:27 . 2009-04-12 08:27 -------- d-----w c:\program files\Common Files\Skype
2009-04-12 08:27 . 2009-04-12 08:27 -------- d-----w c:\programdata\Skype
2009-04-12 08:27 . 2009-04-12 08:27 -------- d-----w c:\users\All Users\Skype
2009-04-12 08:27 . 2009-04-12 08:27 -------- d-----w c:\programdata\Uninstall
2009-04-12 08:27 . 2009-04-12 08:27 -------- d-----w c:\users\All Users\Uninstall
2009-04-12 08:27 . 2009-04-12 08:27 -------- d-----w c:\programdata\Sonic
2009-04-12 08:27 . 2009-04-12 08:27 -------- d-----w c:\users\All Users\Sonic
2009-04-12 08:21 . 2009-04-12 02:13 -------- d-----w c:\program files\DivX
2009-04-12 08:18 . 2009-04-12 08:18 -------- d-----w c:\program files\Picasa2
2009-04-12 08:18 . 2009-04-21 21:14 -------- d-----w c:\program files\Google BAE
2009-04-12 08:11 . 2009-04-30 12:27 -------- d-----w c:\programdata\Microsoft Help
2009-04-12 08:11 . 2009-04-30 12:27 -------- d-----w c:\users\All Users\Microsoft Help
2009-04-12 08:10 . 2009-04-12 08:10 -------- d--h--r C:\MSOCache
2009-04-12 08:09 . 2009-04-12 08:10 -------- d-----w c:\windows\Sonysys
2009-04-12 08:04 . 2008-03-13 17:10 -------- d-----r c:\users\Default\Contacts
2009-04-12 08:04 . 2008-03-13 17:10 -------- d-----r c:\users\Default\Searches
2009-04-12 08:04 . 2009-04-12 08:04 -------- d-----w C:\Intel
2009-04-12 02:40 . 2008-10-22 01:22 2048 ----a-w c:\windows\system32\tzres.dll
2009-04-12 02:21 . 2008-09-16 19:23 168448 ----a-w c:\windows\system32\unrar.dll
2009-04-12 02:21 . 2009-04-12 02:22 -------- d-----w c:\program files\K-Lite Codec Pack
2009-04-12 02:13 . 2009-04-12 02:13 -------- d-----w c:\program files\Common Files\DivX Shared
2009-04-12 02:12 . 2009-04-12 02:12 -------- d-----w c:\program files\GSpot
2009-04-12 02:09 . 2009-04-12 02:09 -------- d-----w c:\program files\VideoLAN
2009-04-12 02:09 . 2008-06-20 01:14 97800 ----a-w c:\windows\system32\infocardapi.dll
2009-04-12 02:09 . 2008-06-20 01:14 105016 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-04-12 02:09 . 2008-06-20 01:14 622080 ----a-w c:\windows\system32\icardagt.exe
2009-04-12 02:09 . 2008-06-20 01:14 11264 ----a-w c:\windows\system32\icardres.dll
2009-04-12 02:09 . 2008-06-20 01:14 43544 ----a-w c:\windows\system32\PresentationHostProxy.dll
2009-04-12 02:08 . 2008-06-20 01:14 781344 ----a-w c:\windows\system32\PresentationNative_v0300.dll
2009-04-12 02:08 . 2008-06-20 01:14 326160 ----a-w c:\windows\system32\PresentationHost.exe
2009-04-12 01:58 . 2008-07-27 18:03 96760 ----a-w c:\windows\system32\dfshim.dll
2009-04-12 01:58 . 2008-07-27 18:03 282112 ----a-w c:\windows\system32\mscoree.dll
2009-04-12 01:58 . 2008-07-27 18:03 41984 ----a-w c:\windows\system32\netfxperf.dll
2009-04-12 01:56 . 2008-07-27 18:03 158720 ----a-w c:\windows\system32\mscorier.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-02 03:53 . 2009-04-12 02:13 884 ----a-w c:\windows\Tasks\GoogleUpdateTaskMachine.job
2009-05-02 02:15 . 2006-11-02 13:01 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-04-19 23:46 . 2009-04-19 23:46 -------- d-----w c:\program files\iTunes
2009-04-19 23:46 . 2009-04-19 22:53 -------- d-----w c:\program files\Common Files\Apple
2009-04-19 23:37 . 2009-04-19 23:37 -------- d-----w c:\program files\Safari
2009-04-19 22:56 . 2009-04-19 22:56 -------- d-----w c:\program files\Bonjour
2009-04-19 22:56 . 2009-04-19 22:56 -------- d-----w c:\program files\QuickTime
2009-04-19 22:55 . 2009-04-19 22:55 -------- d-----w c:\program files\Apple Software Update
2009-04-19 22:54 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstrng.dat
2009-04-19 22:54 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
2009-04-19 22:54 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
2009-04-17 15:27 . 2009-04-12 00:46 49077 ----a-w c:\users\Aasim N\AppData\Roaming\nvModes.dat
2009-04-16 00:51 . 2009-04-12 00:46 106776 ----a-w c:\users\Aasim N\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-16 00:14 . 2006-11-02 12:37 -------- d-----w c:\program files\MSBuild
2009-04-15 15:13 . 2008-03-13 20:20 -------- d-----w c:\program files\Common Files\Adobe
2009-04-14 23:18 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-13 17:48 . 2008-03-13 18:42 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-13 17:47 . 2008-03-13 17:31 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-12 21:11 . 2008-03-13 20:21 -------- d-----w c:\program files\Java
2009-04-12 08:35 . 2008-03-13 20:20 -------- d-----w c:\program files\Sony
2009-04-12 08:34 . 2009-04-12 08:33 -------- d-----w c:\program files\InterVideo
2009-04-12 08:29 . 2008-03-13 20:16 -------- d-----w c:\program files\Common Files\Sony Shared
2009-04-12 08:27 . 2009-04-12 08:26 -------- d-----w c:\program files\Common Files\Roxio Shared
2009-04-12 08:27 . 2009-04-12 08:21 -------- d-----w c:\program files\Common Files\PX Storage Engine
2009-04-12 08:27 . 2009-04-12 08:27 -------- d-----w c:\program files\Roxio
2009-04-12 08:26 . 2009-04-12 08:26 -------- d-----w c:\program files\Common Files\Sonic Shared
2009-04-12 08:18 . 2009-04-12 08:18 -------- d-----w c:\program files\Microsoft Small Business
2009-04-12 08:16 . 2009-04-12 08:12 -------- d-----w c:\program files\Microsoft.NET
2009-04-12 08:14 . 2009-04-12 08:14 -------- d-----w c:\program files\BFG
2009-04-12 08:14 . 2009-04-12 08:14 -------- d-----w c:\program files\Activation Assistant for the 2007 Microsoft Office suites
2009-04-12 08:13 . 2009-04-12 08:13 -------- d-----w c:\program files\Microsoft Works
2009-04-12 03:09 . 2006-11-02 10:25 665600 ----a-w c:\windows\inf\drvindex.dat
2009-04-12 02:26 . 2009-04-12 08:15 -------- d-----w c:\program files\Microsoft SQL Server
2009-04-12 02:15 . 2008-03-13 17:14 -------- d-----w c:\program files\Google
2009-04-12 01:16 . 2009-04-12 01:16 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-04-12 00:47 . 2009-04-12 00:47 0 ---ha-r c:\windows\system32\drivers\Sony_VGN-NR32SS.mrk
2009-03-17 03:38 . 2009-04-14 18:25 40960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-03-17 03:38 . 2009-04-14 18:25 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-14 18:25 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-03 04:46 . 2009-04-14 18:25 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-14 18:25 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-14 18:25 827392 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:39 . 2009-04-14 18:25 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-14 18:25 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-14 18:25 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-14 18:25 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 04:37 . 2009-04-14 18:25 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-14 18:25 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 04:37 . 2009-04-14 18:25 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 03:04 . 2009-04-14 18:25 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-14 18:25 17408 ----a-w c:\windows\system32\iashost.exe
2009-03-03 02:28 . 2009-04-14 18:25 26624 ----a-w c:\windows\system32\ieUnatt.exe
2009-02-24 19:34 . 2009-02-24 19:34 90112 ----a-w c:\windows\system32\dpl100.dll
2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx0c.dll
2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx07.dll
2009-02-24 19:34 . 2009-02-24 19:34 815104 ----a-w c:\windows\system32\divx_xx0a.dll
2009-02-24 19:34 . 2009-02-24 19:34 802816 ----a-w c:\windows\system32\divx_xx11.dll
2009-02-24 19:34 . 2009-02-24 19:34 684032 ----a-w c:\windows\system32\DivX.dll
2009-02-13 08:49 . 2009-04-14 18:25 72704 ----a-w c:\windows\system32\secur32.dll
2009-02-13 08:49 . 2009-04-14 18:25 1255936 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 03:10 . 2009-04-12 01:13 2033152 ----a-w c:\windows\system32\win32k.sys
2009-02-06 17:52 . 2009-02-06 17:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-04 09:50 . 2009-02-04 09:50 24576 ----a-w c:\windows\system32\nsis_loader.dll
2008-01-21 02:43 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-03-10 262144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-02-12 86016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-12 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-12 8497696]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-11-21 311296]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-12 148888]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2008-02-23 122880]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-23 4718592]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VPro520.lnk - c:\windows\VPro520.exe [2009-4-13 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-15 03:05 98304 ----a-w c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{297EA8CF-1A0B-47E6-BC42-0197448A87A8}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{2F8938BD-7946-414B-A22B-9CA77F79C2B3}"= UDP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{709ED0BB-5ACD-4E79-88C3-FC94F3901EFC}"= TCP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{E0B4A04E-3BAC-4220-8C1D-CF4E33545A59}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{57DA30EE-990E-4977-8F21-6C75C5F24C15}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{36082900-42C7-4EAC-94CD-59F358C5AFFE}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{A1907FAD-3559-4371-90B5-4AA328CCA00D}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{36B60850-6639-4630-B2BD-1F07BEF2DBD5}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1BD26FAE-845C-446F-BA6A-5EF726AE3E50}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{02D287D9-D0F7-4243-B4E1-F5E537A08D54}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{DC71B3CE-6DD6-44BA-9E35-B3858254A2DF}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{FE533F28-2534-4FD9-9528-262B014E65F8}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{7287D925-8F89-41F4-89D6-2D3BC56AF2DD}c:\\program files\\tvants\\tvants.exe"= UDP:c:\program files\tvants\tvants.exe:TVAnts
"UDP Query User{BB9E7497-0B96-4896-A416-9C6676241C2F}c:\\program files\\tvants\\tvants.exe"= TCP:c:\program files\tvants\tvants.exe:TVAnts
"TCP Query User{6010C7E9-60A5-4DC4-A56F-743D0D2B7984}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{7768C922-C192-4F76-8D67-3563DEB3B483}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"TCP Query User{E7D83616-68FB-416D-9960-FFFAD156C980}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{9A7707D2-3571-4FDD-94CD-00AF11825874}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{D29C76E3-49E8-41CA-BC56-4DA692DE8085}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{B7AC9230-AFB1-484D-B3AE-622452D5D0F6}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{3395D16E-D958-4758-8D36-E04948C29BC3}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{74B3FB8F-A88B-473F-B38A-33B59176F0CF}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{E0C08650-ED09-4532-A0D4-62530E0C0267}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{2C0A8593-9A1B-446A-BD52-B22EBE01CF48}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"TCP Query User{F3D437AC-16C7-4277-97A0-A27DE9E9F344}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{51745C8A-243B-4DC2-BE91-C2503A0F5D8F}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{6F203E04-AEF0-4B7F-9302-E908C979F3C0}c:\\program files\\google\\chrome\\application\\chrome.exe"= UDP:c:\program files\google\chrome\application\chrome.exe:Google Chrome
"UDP Query User{EAABA792-0E24-4016-B7FD-DF6862F68D8F}c:\\program files\\google\\chrome\\application\\chrome.exe"= TCP:c:\program files\google\chrome\application\chrome.exe:Google Chrome
"TCP Query User{D119C834-1049-4782-B78D-5CD8AA03A0C5}c:\\program files\\ppmate\\ppamnet.exe"= UDP:c:\program files\ppmate\ppamnet.exe:ppmnet Module
"UDP Query User{37906D68-3721-4754-9293-69786704498D}c:\\program files\\ppmate\\ppamnet.exe"= TCP:c:\program files\ppmate\ppamnet.exe:ppmnet Module
"TCP Query User{EFEBAFF7-DCF3-4609-9DC5-BE22566B0686}c:\\program files\\common files\\synacast\\synalive\\pplive.exe"= UDP:c:\program files\common files\synacast\synalive\pplive.exe:PPLive
"UDP Query User{F108E5D1-6D61-4DF9-9ACC-BCD6BBC205FE}c:\\program files\\common files\\synacast\\synalive\\pplive.exe"= TCP:c:\program files\common files\synacast\synalive\pplive.exe:PPLive
"TCP Query User{FF6E5782-B48B-4966-8E2A-56F14F3E3161}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{22774795-6318-4EE9-8824-57B0D3E46DAE}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{46AFAD9C-929D-46A2-929B-7A01A3ADBE92}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java™ Platform SE binary
"UDP Query User{94AE09A4-E915-4DD1-839B-6A60ECF99BA3}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java™ Platform SE binary
"TCP Query User{CBEE99A7-E9D0-449E-B551-38B7D09D76D1}c:\\program files\\filmon hdi player\\filmon hdi player.exe"= UDP:c:\program files\filmon hdi player\filmon hdi player.exe:FilmOn HDi Player
"UDP Query User{11B0C31B-083A-4612-91A5-6CAC0A9E217E}c:\\program files\\filmon hdi player\\filmon hdi player.exe"= TCP:c:\program files\filmon hdi player\filmon hdi player.exe:FilmOn HDi Player

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\PPMate\\ppmate.exe"= c:\program files\PPMate\ppmate.exe:*:Enabled:PPMate
"c:\\Program Files\\PPMate\\ppamnet.exe"= c:\program files\PPMate\ppamnet.exe:*:Enabled:PPMate

R2 gupdate1c9bb14558392e0;Google Update Service (gupdate1c9bb14558392e0);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-12 133104]
R3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712]
R3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg.sys [2008-12-10 64392]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Sony\VAIO Media plus\SOHCImp.exe [2008-03-05 104288]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Sony\VAIO Media plus\SOHDms.exe [2008-03-05 350048]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Sony\VAIO Media plus\SOHDs.exe [2008-03-05 63328]
R3 SPC520;Philips SPC520NC PC Camera;c:\windows\system32\drivers\SPC520.sys [2007-10-01 483328]
R3 SPC520m;Philips SPC520NC PC Cameram;c:\windows\system32\drivers\SPC520m.sys [2007-10-01 7680]
R3 ThreatFire;ThreatFire; [x]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2008-03-03 333088]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2008-03-03 87328]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-04-03 130936]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-03-31 51488]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-03-31 39200]
S1 aswSP;avast! Self Protection; [x]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [2008-12-11 159600]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-02-05 51792]
S2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-11 30312]
S2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [2008-03-10 229376]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-12-17 9344]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-03-31 33056]
S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-06-06 812544]


--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - g:\.\EncryptionTool\MaxtorEncryption.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab4eb924-273d-11de-9819-001a80f22a5d}]
\shell\AutoRun\command - g:\.\EncryptionTool\MaxtorEncryption.exe
.
Contents of the 'Scheduled Tasks' folder

2009-05-02 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-12 02:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: ʹUUSeeٲ - c:\program files\uusee\geturltoplay.htm
IE: ʹUUSee - c:\program files\uusee\geturltodown.htm
IE: {{998A88A0-A355-809B-831C-B83A80000992}
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - c:\users\Aasim N\AppData\Roaming\Mozilla\Firefox\Profiles\i4od8s2z.default\
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-02 16:22
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\users\AASIMN~1\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash9e.ocx"
"ThreadingModel"="Apartment"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash9e.ocx, 1"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash9e.ocx"
"ThreadingModel"="Apartment"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash9e.ocx, 1"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9e.exe,-101"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9e.exe"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_USERS\SOFTWARE\Classes\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"

[HKEY_USERS\SOFTWARE\Classes\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_USERS\SOFTWARE\Classes\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_USERS\SOFTWARE\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)

[HKEY_USERS\SOFTWARE\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"

[HKEY_USERS\SOFTWARE\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""

[HKEY_USERS\SOFTWARE\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"

[HKEY_USERS\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b4

[HKEY_USERS\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b4
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5352)
c:\windows\system32\ieframe.dll
.
Completion time: 2009-05-02 16:24
ComboFix-quarantined-files.txt 2009-05-02 15:23
ComboFix2.txt 2009-05-02 02:07

Pre-Run: 90,163,380,224 bytes free
Post-Run: 90,167,304,192 bytes free

417 --- E O F --- 2009-04-30 12:27
  • 0
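For readers who would rather go through a listing like the one in the post above with a script than by eye, here is an added example (not part of the thread and not ComboFix's own code) that parses the two file listings and pulls out kernel drivers, hidden or system items, and top-level folders for review. The function names are made up for the example, the sample lines are copied from the log above, and reading `d`, `h` and `s` in the attribute column as directory, hidden and system is an assumption, as is treating the unlabelled timestamps simply as first and second.

```python
import re
from collections import namedtuple
from datetime import datetime

# One parsed listing line. ts1/ts2 are the two timestamps in log order;
# the log itself does not label them, so they are kept neutral here.
Entry = namedtuple("Entry", "section ts1 ts2 size attrs path")

# Section banners look like "((((( Files Created from ... )))))".
SECTION_RE = re.compile(r"^\(+\s*(.*?)\s*\)+$")
# Listing lines: "<ts1> . <ts2> <size or 8 dashes> <7-char attrs> <path>".
ENTRY_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d) "
    r"(\d+|-{8}) ([a-z-]{7}) (.+)$"
)
TS_FORMAT = "%Y-%m-%d %H:%M"

# Sample input: a few lines copied from the log posted above.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2009-04-02 to 2009-05-02 )))))))))))))))))))))))))))))))
.

2009-05-01 01:41 . 2009-05-01 01:41 -------- d-----w C:\Rooter$
2009-05-01 01:29 . 2009-02-05 20:06 51792 ----a-w c:\windows\system32\drivers\aswMonFlt.sys
2009-04-27 22:01 . 2009-04-06 14:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-13 17:48 . 1995-08-01 03:44 212480 ----a-w c:\windows\PCDLIB32.DLL
2009-04-12 08:10 . 2009-04-12 08:10 -------- d--h--r C:\MSOCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-02 02:15 . 2006-11-02 13:01 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-03-03 04:46 . 2009-04-14 18:25 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
"""


def parse_listing(text):
    """Return an Entry for every file or folder line, tagged with its section."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1)
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue  # separators, blank lines, anything that is not a listing row
        ts1, ts2, size, attrs, path = m.groups()
        entries.append(Entry(
            section,
            datetime.strptime(ts1, TS_FORMAT),
            datetime.strptime(ts2, TS_FORMAT),
            None if size.startswith("-") else int(size),  # folders show dashes
            attrs,
            path,
        ))
    return entries


def new_drivers(entries):
    """.sys files under system32\\drivers listed in the 'Files Created' section."""
    return [e for e in entries
            if e.section and e.section.startswith("Files Created")
            and e.size is not None
            and "\\system32\\drivers\\" in e.path.lower()
            and e.path.lower().endswith(".sys")]


def hidden_or_system(entries):
    """Items whose attribute column carries h or s (assumed hidden / system)."""
    return [e for e in entries if "h" in e.attrs or "s" in e.attrs]


def root_dirs(entries):
    """Folders sitting directly under a drive root, e.g. C:\\Name."""
    return [e for e in entries
            if "d" in e.attrs and re.fullmatch(r"[A-Za-z]:\\[^\\]+", e.path)]


if __name__ == "__main__":
    parsed = parse_listing(SAMPLE_LOG)
    for title, picker in (("New drivers", new_drivers),
                          ("Hidden/system items", hidden_or_system),
                          ("Top-level folders", root_dirs)):
        print(title)
        for e in picker(parsed):
            print("  ", e.ts1.date(), e.path)
```

The output is only a shortlist of lines to look at; each entry still has to be matched to the product or tool that put it there.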

#10
Jimmy2012

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello aasimn,

hey do u mind explaining to wt the combofix tried to do

It scans for a number of different types of malware and tries to remove them. It also lists different things on your computer, and if we see something that is bad, we can tell the program to remove it. :)



  • Please start Malwarebytes' Anti-Malware and update it.
  • To update please do this, click Update and then click Check for Updates.
  • It will now install any updates it finds.
  • Once it is done updating please click Scanner and then click "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please do an online scan with Kaspersky WebScanner
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
~~~~~~~~~~~~~~~
In your next reply please have these logs.
The Malwarebytes log
And the Kaspersky log

#11
aasimn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Malware log... will scan with Kaspersky next. Thanks.

Malwarebytes' Anti-Malware 1.36
Database version: 2069
Windows 6.0.6001 Service Pack 1

03/05/2009 05:41:32
mbam-log-2009-05-03 (05-41-32).txt

Scan type: Quick Scan
Objects scanned: 73649
Time elapsed: 3 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\HeroCodec (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\HeroCodecSoft (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HeroCodec (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Users\Aasim N\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HeroCodec (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HeroCodec (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\HeroCodec (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HeroCodec\Uninstall.lnk (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\HeroCodec\Uninstall.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.

#12
aasimn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
I did both scans this time, so here are the logs.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Sunday, May 3, 2009
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Sunday, May 03, 2009 06:54:29
Records in database: 2122830
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 99461
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 06:21:22


File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\Windows\System32\gxvxcwiprniyqiellodqovitxccotnuoedbed.dll.vir Infected: Trojan-Downloader.Win32.Agent.brpo 1

The selected area was scanned.


Malwarebytes' Anti-Malware 1.36
Database version: 2069
Windows 6.0.6001 Service Pack 1

03/05/2009 15:01:48
mbam-log-2009-05-03 (15-01-48).txt

Scan type: Quick Scan
Objects scanned: 74755
Time elapsed: 4 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#13
Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello aasimn,

How is your computer running now?

#14
aasimn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
It's working fine now... seems normal speed!
But I had to format my C drive thrice this year... the error used to be "Windows cannot boot".

Any precautions I need to take?
Thanks.
And is the virus gone now?

#15
Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello aasimn,

Any precautions I need to take?

Try to keep all of your programs up to date and run your virus scans every 1-2 weeks.

And is the virus gone now?

Looks like it, all of your logs look clean. :)

Let's go ahead and remove the tools used and update a program.

You are using an old version of Adobe Acrobat Reader, please update it here.

Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.

Please download OTCleanIt and save it to your Desktop.
  • Double-click OTCleanIt.exe
  • Click the CleanUp! button to begin removing tools used to clean your computer
  • If you are prompted to Reboot during the cleanup, please select Yes

Please remove any leftover tools used to clean your computer.

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

1. Spywareguard: Is realtime protection from spyware.

2. Spywareblaster: Helps protect against any bad ActiveX from installing on your computer.

3. SuperAntiSpyware: Use this program to help remove any spyware that may have gotten on your computer.

4. FireFox: This is a great alternate browser over Internet Explorer. Firefox is much more secure than Internet Explorer and also has a built-in pop-up blocker.

5. ATF Cleaner: This program cleans out your temporary files. This is a great tool that can help speed your computer up.

6. Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

7. Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.